Lucene search
K

99 matches found

CVE
CVE
added 2025/12/06 5:49 a.m.17 views

CVE-2025-12721

The CVE-2025-12721 entry concerns the WordPress plugin g-FFL Cockpit (versions up to 1.7.1). Public docs indicate a Missing Authorization to Unauthenticated Information Exposure via the /server_status REST endpoint, allowing unauthenticated attackers to extract server information. Connected sourc...

5.3CVSS5.3AI score0.00248EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.5 views

PT-2025-49337

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the...

5.3CVSS5.6AI score0.00248EPSS
Exploits0References5
NVD
NVD
added 2025/12/05 10:15 p.m.4 views

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...

9CVSS0.10962EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/21 4:38 p.m.8 views

CVE-2025-62729

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.4CVSS6.1AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/21 3:43 p.m.7 views

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.4CVSS6.7AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/20 6:31 p.m.6 views

EUVD-2025-198306

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.3CVSS5.6AI score0.00152EPSS
Exploits0References3
NVD
NVD
added 2025/11/20 4:15 p.m.2 views

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.4CVSS0.00152EPSS
Exploits0References2
OSV
OSV
added 2025/11/20 4:15 p.m.4 views

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.4CVSS5.8AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2025/11/20 4:15 p.m.9 views

CVE-2025-62729

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.4CVSS0.00147EPSS
Exploits0References2
OSV
OSV
added 2025/11/20 4:15 p.m.10 views

CVE-2025-62729

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.4CVSS5.8AI score0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:43 p.m.2 views

CVE-2025-62729 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.1CVSS5.4AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/20 3:43 p.m.7 views

CVE-2025-62729 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.1CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:43 p.m.22 views

CVE-2025-62729

CVE-2025-62729 affects SOPlanning with a Stored XSS in the /status endpoint. An authenticated attacker can inject arbitrary HTML/JS that is rendered for multiple pages. Root cause described in connected Red Hat/ENISA/NVD entries; fixed in version 1.55. CVSS metrics indicate MEDIUM severity (3.1: ...

5.4CVSS5.4AI score0.00147EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/11/20 3:43 p.m.3 views

EUVD-2025-198311

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.3CVSS6.2AI score0.00152EPSS
Exploits0References3
CVE
CVE
added 2025/11/20 3:43 p.m.17 views

CVE-2025-62293

SOPlanning is affected by Broken Access Control in the /status endpoint due to missing permission checks in Project Status functionality. An authenticated attacker can add, edit, or delete statuses. A fix is available in version 1.55. The CVE-entry is supported by Red Hat and EU vulnerability ref...

5.4CVSS6AI score0.00152EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/20 3:43 p.m.10 views

CVE-2025-62293 Broken Access Control in SOPlanning

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.3CVSS0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:43 p.m.1 views

CVE-2025-62293 Broken Access Control in SOPlanning

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.3CVSS6.4AI score0.00152EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.6 views

SOPlanning 跨站脚本漏洞

SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.55, which stems from the /status endpoint that does not properly clean inputs, and could lead to stored cross-site scripting...

5.4CVSS5.5AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.1 views

PT-2025-47593

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Broken Access Control issue in the /status endpoint. Insufficient permission checks within the Project Status functionality allow an authenticated attacker to modify...

5.4CVSS6.4AI score0.00152EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.5 views

PT-2025-47598

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue within the /status endpoint. An attacker possessing an account can inject arbitrary HTML and JavaScript code into the website...

5.4CVSS5.4AI score0.00152EPSS
Exploits0References6
Rows per page
Query Builder