Lucene search
K

6279 matches found

Circl
Circl
added 2025/12/16 3:0 p.m.5 views

CVE-2025-65518

creationtimestamp| type| source ---|---|--- 2025-12-16 15:00:07+00:00| published-proof-of-concept| Telegram/vMapVwBTPoziYsVhraiOr2XjKllgeKD5X4QLNBfOpeW9ZJY 2026-01-08 18:58:47+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115861010964456359 2026-01-08 19:40:58+00:00| seen|...

7.5CVSS4.8AI score0.00588EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/16 5:25 a.m.4 views

EUVD-2025-203499

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...

4.3CVSS4.6AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 12:16 a.m.6 views

CVE-2025-66402

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS0.00264EPSS
Exploits1References2
CVE
CVE
added 2025/12/16 12:0 a.m.9 views

CVE-2025-65590

CVE-2025-65590 affects nopCommerce 4.90.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the Blog posts functionality in the Content Management area. The initial report does not provide exact vulnerable component details beyond the Blog posts feature; Red Hat and EUVD mir...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2025/12/16 12:0 a.m.2 views

WordPress List category posts SQL Injection Vulnerability

WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...

6.5CVSS8.1AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51769

Name of the Vulnerable Software and Affected Versions nopCommerce version 4.90.0 Description The software is susceptible to Cross Site Scripting XSS through the Blog posts functionality within the Content Management area. The issue allows for potential malicious script injection. Recommendations ...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/16 12:0 a.m.27 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/16 12:0 a.m.4 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

5.8AI score0.00193EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

nopCommerce 安全漏洞

nopCommerce is an open source, general purpose e-commerce platform from nopCommerce, Inc. A security vulnerability exists in nopCommerce version 4.90.0, which stems from cross-site scripting in the Blog posts feature in the content management area...

5.4CVSS6.1AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.10 views

Misskey 安全漏洞

Misskey is a permanently free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 13.0.0-beta.16 through versions prior to 2025.12.0, which stems from a participant who does not have permission to view favorites or clips being...

7.1CVSS6.4AI score0.00264EPSS
Exploits1References3
GoogleProjectZero
GoogleProjectZero
added 2025/12/16 12:0 a.m.22 views

Welcome to the new Project Zero Blog

Posted by Natalie Silvanovich While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2025/12/15 11:9 p.m.27 views

CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS0.00264EPSS
Exploits1References2
CVE
CVE
added 2025/12/15 11:9 p.m.12 views

CVE-2025-66402

Misskey CVE-2025-66402 affects versions 13.0.0-beta.16 through before 2025.12.0, where an actor without permission to view favorites or clips could export posts and view contents, exposing private data. Version 2025.12.0 fixes the issue. The vulnerability stems from the export functionality not e...

7.1CVSS6.4AI score0.00264EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/15 11:9 p.m.5 views

CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS6.7AI score0.00264EPSS
Exploits1References4
OSV
OSV
added 2025/12/15 8:55 p.m.6 views

GHSA-496G-MMPW-J9X3 misskey.js's export data contains private post data

Summary After adding private posts followers, direct that you do not have permission to view to your favorites or clips, you can export them to view the contents of the private posts. PoC 1. Create an account X for testing and an account Y for private posts on the same server. 2. Send appropriate...

7.1CVSS6.6AI score0.00264EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/15 8:55 p.m.6 views

misskey.js's export data contains private post data

Summary After adding private posts followers, direct that you do not have permission to view to your favorites or clips, you can export them to view the contents of the private posts. PoC 1. Create an account X for testing and an account Y for private posts on the same server. 2. Send appropriate...

7.1CVSS6.7AI score0.00264EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/15 2:25 p.m.18 views

CVE-2025-13950

CVE-2025-13950 affects the OneSignal – Web Push Notifications WordPress plugin. It allows unauthenticated modification of data (App ID, REST API key, and notification behavior) via POST requests due to a missing capability check in settings handling for all versions up to 3.6.1. The issue is netw...

5.3CVSS5AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.15 views

CVE-2025-9218

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

3.7CVSS5.9AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203220

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

3.7CVSS5.4AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 12:9 p.m.4 views

CVE-2025-12965

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder