Lucene search
+L

511 matches found

Patchstack
Patchstack
added 2025/12/11 9:59 p.m.9 views

WordPress Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection vulnerability

Cross-Site Request Forgery to Google OAuth Connection vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Foxtool All-in-One versions = 2.5.2...

4.3CVSS6.7AI score0.0015EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/11 2:11 p.m.11 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

9.1CVSS6.9AI score0.19396EPSS
Exploits11References10
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.8 views

Serendipity 代码问题漏洞

Serendipity is a PHP-based blogging system by the Serendipity team. The system supports the creation of online journals, blogs, web pages, and more. A code issue vulnerability exists in Serendipity version 2.5.0, which stems from an authenticated administrator being able to upload malicious PHP...

8.6CVSS7.9AI score0.00892EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-202017

Cross-Site Request Forgery CSRF vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through = 2.5.2...

6.3AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202052

The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trimtext' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS4.8AI score0.00327EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.30 views

CVE-2025-62866 WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through = 2.5.2...

4.3CVSS0.00111EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.31 views

CVE-2025-67554

Summary: CVE-2025-67554 is a stored XSS vulnerability in the WordPress plugin

5.9CVSS5.6AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2025/12/05 9:27 a.m.19 views

CVE-2025-13678

CVE-2025-13678 : The Thai Lottery Widget WordPress plugin is vulnerable to authenticated Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including 2.5 due to insufficient sanitization of width and height attributes. Attackers with Contributor-level access or hi...

6.4CVSS4.7AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

WordPress plugin CRM Memberships 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.3AI score0.00236EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.6 views

SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:4264-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...

8.7CVSS6.6AI score0.01429EPSS
Exploits0References26
EUVD
EUVD
added 2025/11/28 12:0 a.m.8 views

EUVD-2025-199867

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin...

4.1CVSS6.3AI score0.00273EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2025/11/25 12:0 a.m.8 views

mingw-expat security update

2.5.0-1 - Rebase to version 2.5.0 - Fix the following CVEs CVE-2023-52425 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-59375 - Resolves: RHEL-114628...

7.5CVSS7AI score0.02006EPSS
Exploits3
EUVD
EUVD
added 2025/11/21 12:29 p.m.5 views

EUVD-2025-198458

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

6.5CVSS5.9AI score0.00134EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/14 3:4 a.m.7 views

WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SKT Skill Bar versions = 2.5...

6.5CVSS6.1AI score0.00134EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

HP Integrated Lights-Out Improper Access Control (CVE-2017-12542)

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 iLO 4 version prior to 2.53 was found. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

10CVSS8.6AI score0.99335EPSS
Exploits9References5
NVD
NVD
added 2025/11/12 6:15 p.m.6 views

CVE-2025-65001

Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability...

8.2CVSS0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.12 views

PT-2025-46570

Name of the Vulnerable Software and Affected Versions Booking Calendar | Appointment Booking | Bookit plugin for WordPress versions up to and including 2.5.0 Description The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is susceptible to unauthorized data modification. This...

7.5CVSS5.8AI score0.00251EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/07 5:32 p.m.7 views

CVE-2025-62067

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...

8.1CVSS7.1AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.10 views

EUVD-2025-38044

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...

8.1CVSS6.6AI score0.00392EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 4:15 p.m.4 views

CVE-2025-49904

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: from n/a through = 2.5.3...

7.1CVSS0.0021EPSS
Exploits0References1
Rows per page
Query Builder