Lucene search
K

33 matches found

Snyk
Snyk
added 2025/09/03 8:41 p.m.6 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the jsx and sx endpoints. An attacker can access and read sensitive configuration files by crafting URLs with "../" sequence that traverse directories. Remediation Upgrade...

9.8CVSS5.8AI score0.01639EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.5 views

CVE-2025-9172

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS6.7AI score0.004EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 4:15 a.m.5 views

CVE-2025-9172

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/26 3:24 a.m.9 views

CVE-2025-9172 Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.004EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 3:24 a.m.23 views

CVE-2025-9172

The CVE-2025-9172 entry concerns the WordPress plugin Vibes (

7.5CVSS7.2AI score0.004EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 3:24 a.m.5 views

CVE-2025-9172 Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS7.8AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.3 views

PT-2025-34734

Name of the Vulnerable Software and Affected Versions: The Vibes plugin for WordPress versions prior to 2.2.1 Description: The Vibes plugin for WordPress is susceptible to time-based SQL Injection via the resource parameter. Insufficient escaping of user-supplied input and inadequate preparation ...

7.5CVSS7AI score0.004EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.2 views

PT-2024-39691 · WordPress · Slimstat Analytics

Name of the Vulnerable Software and Affected Versions: SlimStat Analytics plugin for WordPress versions up to, and including, 5.2.6 Description: The issue is related to Stored Cross-Site Scripting via the resource parameter due to insufficient input sanitization and output escaping when logging...

7.2CVSS6.5AI score0.00496EPSS
Exploits0References12
OSV
OSV
added 2024/06/10 3:15 p.m.5 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

5.4CVSS5.8AI score0.00314EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.5 views

SUSE CVE-2011-2941

Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter...

5.8CVSS6.9AI score0.01128EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 5:7 a.m.7 views

Alkacon OpenCMS XSS via title and requestedResource parameters

Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to system/workplace/views/admin/admin-main.jsp or the 2 requestedResource parameter to system/login/index.html...

4.3CVSS5.5AI score0.01878EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 7:13 a.m.25 views

Alkacon OpenCms Exposes JSP Source Code

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...

4CVSS6.8AI score0.01356EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/04/16 10:19 p.m.3 views

CVE-2007-2048

Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. dot dot in the resource parameter...

5CVSS5.8AI score0.03828EPSS
Exploits1References10
Rows per page
Query Builder