Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.5 views

PT-2025-44354

Name of the Vulnerable Software and Affected Versions Drupal JSON Field versions prior to 1.5 Description A flaw exists in Drupal JSON Field that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. Successful exploitation could...

6.1CVSS5.8AI score0.00184EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/08/21 11:21 p.m.4 views

SUSE CVE-2025-54463

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...

7.5CVSS7AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.4 views

WordPress plugin SKT Blocks – Gutenberg based Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin SKT Blocks - Gutenbe...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/22 6:39 a.m.7 views

WordPress Community Events plugin < 1.5 - Event Deletion via CSRF vulnerability

Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Community Events versions 1.5...

5.4CVSS7AI score0.00262EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.5 views

PT-2022-24371 · Thematosoup · The Fancier Author Box

Name of the Vulnerable Software and Affected Versions: The Fancier Author Box by ThematoSoup WordPress plugin versions prior to 1.5 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html...

4.8CVSS4.6AI score0.00501EPSS
Exploits2References3
OSV
OSV
added 2021/04/30 6:15 p.m.2 views

CVE-2021-21535

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system...

7.8CVSS7.1AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/30 12:0 a.m.5 views

Dell Hybrid Client 信息泄露漏洞

DELL Dell Hybrid Client is a software application from Dell USA Inc. It provides a client computing software with hybrid cloud management capabilities. An information disclosure vulnerability exists in Dell Hybrid Client versions prior to 1.5, which can be exploited by a local, unauthenticated...

4CVSS5.1AI score0.00226EPSS
Exploits0References2
Rows per page
Query Builder