Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/04/16 2:25 a.m.37 views

CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0026EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/09/30 3:15 p.m.4 views

CVE-2025-7493

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...

9.1CVSS7.2AI score0.00523EPSS
Exploits0References11
Patchstack
Patchstack
added 2024/08/26 12:0 p.m.6 views

WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability

Unauthenticated Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Z Y N I T H versions = 7.4.9...

6.5CVSS7AI score0.00355EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/12/17 3:15 a.m.4 views

CVE-2020-25095

LogRhythm Platform Manager PM 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking CSWH. If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...

8.8CVSS7.2AI score0.00958EPSS
Exploits0References1
Rows per page
Query Builder