Lucene search
K

15 matches found

EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39743

Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...

4.9CVSS5.8AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.12 views

CVE-2025-69001

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

5.3CVSS5.4AI score0.00233EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2025-69001

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

5.3CVSS5.4AI score0.00233EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

WordPress plugin FluentForm has a code injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.9AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 2:57 a.m.8 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/11 8:2 a.m.9 views

CVE-2025-9571

A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...

8.7CVSS8.5AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.13 views

CVE-2025-67569

Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through = 6.0.11...

5.3CVSS0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 8:26 p.m.2 views

CVE-2025-66421

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS6.2AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 9:59 a.m.14 views

CVE-2025-10095

CVE-2025-10095 affects the SMSEagle firmware in the SMPP server component. The issue arises from improper sanitization of user input in the SMPP server scripts during database interactions, and is limited to the SMPP server’s dedicated database. The vulnerability’s impact is described as a SQL in...

5.3CVSS7.4AI score0.00218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-47520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless...

7.1CVSS6.7AI score0.00307EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.7 views

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...

9CVSS7.1AI score0.02013EPSS
Exploits1References1
OSV
OSV
added 2022/12/18 6:15 a.m.3 views

UBUNTU-CVE-2022-47519

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211P2PATTROPERCHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frame...

7.8CVSS6.7AI score0.00298EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2022/08/29 8:15 p.m.2 views

CVE-2022-3035

Cross-site Scripting XSS - Stored in GitHub repository snipe/snipe-it prior to v6.0.11...

5.9CVSS6.1AI score0.00595EPSS
Exploits1References3
OSV
OSV
added 2021/03/18 6:15 p.m.2 views

CVE-2020-14516

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly...

10CVSS7.3AI score0.04095EPSS
Exploits0References1
OSV
OSV
added 2017/10/05 1:29 a.m.4 views

CVE-2017-14000

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the application without authenticating...

9.4CVSS5.8AI score0.02269EPSS
Exploits0References2
Rows per page
Query Builder