Lucene search
K

9 matches found

NVD
NVD
added 2026/06/20 9:16 a.m.13 views

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS0.00433EPSS
Exploits0References7
CVE
CVE
added 2026/05/08 1:37 p.m.22 views

CVE-2026-44339

Summary: A vulnerability in PraisonAI’s tool resolution allows undeclared main callables to be invoked through tool-call name manipulation. Prior to versions 4.6.37 (PraisonAI) and 1.6.37 (PraisonAIagents), unresolved tool names were resolved against module globals and main when the declared tool...

8.6CVSS5.8AI score0.00363EPSS
Exploits1References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/07 12:35 p.m.2 views

CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

6.5CVSS5.1AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.5 views

PT-2026-1652

Name of the Vulnerable Software and Affected Versions The Plus Addons for Elementor Pro versions prior to 6.3.7 Description An incorrect access control configuration can lead to unauthorized access. The issue concerns The Plus Addons for Elementor Pro. Recommendations Update The Plus Addons for...

6.5CVSS6.6AI score0.00174EPSS
Exploits0References3
OSV
OSV
added 2023/11/20 9:15 a.m.10 views

CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8CVSS9.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/07/16 12:0 a.m.4 views

Bylancer QuickOrder SQL注入漏洞

Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to sql injection via parameter s. T...

9.8CVSS7AI score0.00425EPSS
Exploits0References3
OSV
OSV
added 2021/01/14 4:15 p.m.2 views

CVE-2020-29019

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header...

5.3CVSS6.2AI score0.02084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/01/04 12:0 a.m.4 views

PT-2021-3438 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.0 through 6.3.7 FortiWeb versions prior to 6.2.4 FortiWeb versions 6.3.11 and earlier Description: A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrar...

10CVSS9.8AI score0.02567EPSS
Exploits1References8
OSV
OSV
added 2013/01/04 11:52 a.m.2 views

UBUNTU-CVE-2012-6090

Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted filename...

7.5CVSS6.5AI score0.0313EPSS
Exploits0References7
Rows per page
Query Builder