Lucene search
+L

131 matches found

RedhatCVE
RedhatCVE
added 2026/01/23 6:19 a.m.9 views

CVE-2026-24035

Horilla is a free and open source Human Resource Management System HRMS. An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

4.3CVSS5.6AI score0.00289EPSS
Exploits1References1
Redos
Redos
added 2026/01/22 12:0 a.m.9 views

ROS-20260122-73-0026

Apache HTTP Server vulnerability is related to insufficient server-side request validation. Exploitation of the vulnerability could allow a remote attacker to gain access to NTLM hashes by sending specially crafted requests...

7.5CVSS5.6AI score0.00784EPSS
Exploits0
NVD
NVD
added 2026/01/17 7:16 a.m.6 views

CVE-2026-0808

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

5.3CVSS0.00312EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/17 12:0 a.m.9 views

WordPress plugin Spin Wheel has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.7AI score0.00312EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.11 views

CVE-2023-49279

Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...

5.4CVSS6.8AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 6:32 p.m.7 views

EUVD-2025-199618

The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

6.5AI score0.00261EPSS
Exploits0References4
NVD
NVD
added 2025/11/18 4:15 p.m.8 views

CVE-2025-63800

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the password and repeatpassword parameters empty in the password change request, the...

7.5CVSS0.00456EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/11/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

9.8CVSS6AI score0.03237EPSS
In wildExploits2References80
OSV
OSV
added 2025/11/05 9:15 p.m.6 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS5.9AI score0.0036EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/05 12:0 a.m.11 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

0.0036EPSS
Exploits1References2
NVD
NVD
added 2025/11/04 5:16 a.m.13 views

CVE-2025-11890

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...

7.5CVSS0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/09 12:0 a.m.4 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

6.9AI score0.00263EPSS
Exploits1References1
CVE
CVE
added 2025/10/09 12:0 a.m.53 views

CVE-2025-60375

CVE-2025-60375 affects Perfex CRM versions prior to 3.3.1. The issue is an authentication bypass caused by insufficient server-side validation of login parameters, allowing an attacker to gain unauthorized access (including admin accounts) by submitting empty username and password values. Exploit...

7.3CVSS6.9AI score0.00263EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-2947

Malware in sbrugna...

5.8CVSS6.4AI score0.01021EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-5505

Malware in sbrugna...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7137

Malware in sbrugna...

7.5CVSS7.6AI score0.0089EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-7591

Malware in sbrugna...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-17397

Malware in sbrugna...

9.8CVSS9.2AI score0.01461EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-17279

Malware in sbrugna...

7.5CVSS6.6AI score0.01772EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-13046

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder