
362 matches found

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-45291 Malicious code in negative-slide-country (npm)

The package negative-slide-country was found to contain malicious code...

AI score: 7
Exploits: 0
Patchstack
added 2025/08/17 5:26 p.m. | 5 views

WordPress Slide Puzzle plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Slide Puzzle versions <= 1.0.0...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.00228
Exploits: 0 | Affected Software: 1
Cvelist
added 2025/07/22 2:43 p.m. | 5 views

CVE-2025-8015 Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS: 6.4 | EPSS: 0.00218
Exploits: 0 | References: 3
Vulnrichment
added 2025/07/22 2:43 p.m. | 3 views

CVE-2025-8015 Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS: 6.4 | AI score: 5.5 | EPSS: 0.00218
Exploits: 0 | References: 3
CNVD
added 2025/07/18 12:0 a.m. | 3 views

Modern Bag slideupdate.php File SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idSlide in file /admin/slideupdate.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illeg...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00394
Exploits: 1 | References: 1
OSV
added 2025/07/13 1:15 a.m. | 7 views

CVE-2025-7509

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /admin/slide.php. The manipulation of the argument idSlide leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00394
Exploits: 1 | References: 5
CNNVD
added 2025/07/13 12:0 a.m. | 4 views

Code-Projects Modern Bag Injection Vulnerability

Code-Projects Modern Bag is an online management system from Code-Projects open source. An injection vulnerability exists in Code-Projects Modern Bag version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter idSlide in the file /admin/slide.php...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00394
Exploits: 1 | References: 6
RedhatCVE
added 2025/05/23 8:22 a.m. | 4 views

CVE-2024-1436

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit. This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00443
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:2 a.m. | 6 views

CVE-2024-6948

A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00508
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:0 a.m. | 6 views

CVE-2023-1565

A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slideadd.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00594
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 11:30 p.m. | 5 views

CVE-2022-1335

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00565
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 11:30 p.m. | 10 views

CVE-2022-1303

The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00565
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 10:28 p.m. | 9 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.0053
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 7:9 p.m. | 4 views

CVE-2021-21259

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...

CVSS: 7.4 | AI score: 7 | EPSS: 0.01352
Exploits: 1 | References: 1
Patchstack
added 2025/04/03 12:1 p.m. | 5 views

WordPress Slide <= 1.7.5 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Theme Slide versions <= 1.7.5...

CVSS: 9.9 | AI score: 7 | EPSS: 0.00437
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/03 12:0 a.m. | 6 views

WordPress Slide Theme <= 1.7.5 is vulnerable to Arbitrary File Upload

Software: Slide; Type: Theme; Vulnerable versions: <= 1.7.5; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-30996; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 93c6f7b48621; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

AI score: 6.2 | EPSS: 0.00437
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/04/01 7:37 a.m. | 4 views

WordPress Slide <= 1.7.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Theme Slide versions <= 1.7.5...

AI score: 6.2 | EPSS: 0.00146
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/01 12:0 a.m. | 6 views

WordPress Slide Theme <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software: Slide; Type: Theme; Vulnerable versions: <= 1.7.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-31013; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 185dcd16a69e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immuni...

AI score: 6 | EPSS: 0.00146
Exploits: 0 | References: 1 | Affected Software: 1
OSSF Malicious Packages
added 2025/03/28 1:6 p.m. | 4 views

Malicious code in slide-tc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
OSV
added 2025/03/28 1:6 p.m. | 4 views

MAL-2025-2998 Malicious code in slide-tc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0