Lucene search

54 matches found

NVD | added 5 days ago | 8 views

CVE-2026-57330

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions...

CVSS 6.5 | EPSS 0.00171
Exploits: 0 | References: 1

OSV | added 2026/06/21 8:16 p.m. | 3 views

UBUNTU-CVE-2026-12805

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVSS 6.3 | AI score 6.4 | EPSS 0.00279
Exploits: 0 | References: 3

EUVD | added 2026/05/14 6:25 p.m. | 11 views

EUVD-2026-30358

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV) / database names without any HTML escape, then a render template uses raw strings.ReplaceAll(tpl, "$avName", nodeAvName) to embed the name in HTML before pushing to all clients via...

CVSS 9.4 | AI score 5.9 | EPSS 0.00509
Exploits: 0 | References: 1

OSV | added 2026/05/06 2:42 p.m. | 5 views

BIT-JAVA-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

CVSS 4.3 | AI score 6.8 | EPSS 0.04221
Exploits: 0 | References: 20

RedhatCVE | added 2026/03/26 5:2 p.m. | 6 views

CVE-2026-24973

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS. This issue affects CitiLights: from n/a through <= 3.7.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 1

CVE | added 2026/03/10 6:38 p.m. | 17 views

CVE-2026-27273

Substance3D Stager is affected by CVE-2026-27273 (out-of-bounds write) in versions up to 3.1.7. The vulnerability could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). Remediation is provided in APSB26-29, which ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00142
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE | added 2026/03/06 7:54 a.m. | 5 views

CVE-2026-27338

Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection. This issue affects Car Zone: from n/a through <= 3.7...

CVSS 8.8 | AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 1

CVE | added 2026/03/05 5:53 a.m. | 11 views

CVE-2026-22473

CVE-2026-22473 affects the WordPress theme Dental Clinic (Designthemes) up to version 3.7. It is a Deserialization of Untrusted Data (PHP Object Injection) vulnerability that can be exploited by an authenticated attacker (Subscriber+) and has a high risk profile (CVSS 3.1: 8.8). Current connected...

CVSS 8.8 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 1

ATTACKERKB | added 2026/02/20 3:47 p.m. | 6 views

CVE-2026-22384

Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection. This issue affects Applay - Shortcodes: from n/a through <= 3.7...

AI score 5.4 | EPSS 0.00304
Exploits: 0 | References: 2

CVE | added 2026/02/20 3:47 p.m. | 13 views

CVE-2026-22384

CVE-2026-22384 describes a deserialization vulnerability in the WordPress plugin Applay - Shortcodes (versions up to and including 3.7) that enables PHP Object Injection via untrusted data. The WP-exposed issue is associated with the leafcolor Applay - Shortcodes code path and is rated CRITICAL (...

CVSS 9.8 | AI score 5.5 | EPSS 0.00304
Exploits: 0 | References: 1

CVE | added 2026/01/28 8:3 p.m. | 25 views

CVE-2025-14472

CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...

CVSS 8.1 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE | added 2026/01/09 10:48 a.m. | 8 views

CVE-2022-31298

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

CVSS 5.4 | AI score 6.4 | EPSS 0.01149
Exploits: 1 | References: 1

RedhatCVE | added 2026/01/09 10:47 a.m. | 7 views

CVE-2022-31299

Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form...

CVSS 6.1 | AI score 6.1 | EPSS 0.04731
Exploits: 2 | References: 1

RedhatCVE | added 2025/12/24 9:39 a.m. | 11 views

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8 | AI score 6.4 | EPSS 0.00416
Exploits: 0 | References: 1

SUSE CVE | added 2025/12/23 4:4 a.m. | 3 views

SUSE CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

CVSS 6.5 | AI score 6.3 | EPSS 0.00233
Exploits: 0 | References: 3

UbuntuCve | added 2025/12/13 4:16 p.m. | 2 views

CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

CVSS 6.5 | AI score 6.4 | EPSS 0.00233
Exploits: 0 | References: 8

CVE | added 2025/12/13 1:2 p.m. | 27 views

CVE-2025-14607

OFFIS DCMTK vulnerability CVE-2025-14607 affects DCMTK up to 3.6.9, specifically the DcmByteString::makeDicomByteString function in dcmdata. This memory corruption can be triggered remotely via crafted DICOM datasets. Affected versions are DCMTK 3.6.x up to 3.6.9; remediation is to upgrade to DCM...

CVSS 6.5 | AI score 6.4 | EPSS 0.00233
Exploits: 0 | References: 7

Vulnrichment | added 2025/10/22 2:32 p.m. | 3 views

CVE-2025-49911 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS. This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7...

CVSS 7.1 | AI score 6 | EPSS 0.00208
Exploits: 0 | References: 1

CNNVD | added 2025/10/22 12:0 a.m. | 4 views

WordPress plugin woo-vehicle-parts-finder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 | AI score 6 | EPSS 0.00208
Exploits: 0 | References: 1

Vulnrichment | added 2025/08/22 12:0 a.m. | 3 views

CVE-2024-53499

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API...

AI score 8.5 | EPSS 0.00476
Exploits: 1 | References: 3