Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.18 views

CVE-2025-66115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

6.6CVSS7.1AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.10 views

CVE-2025-9631

The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatsetajax function. This makes it possible for unauthenticated attackers to trigger automatic...

4.3CVSS0.00151EPSS
Exploits0References3
OSV
OSV
added 2025/06/27 8:15 a.m.4 views

CVE-2025-6550

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideroptions’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00249EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/04/25 5:21 p.m.11 views

CVE-2025-32389

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param0=a1=b2=c utiliz...

8.6CVSS7.9AI score0.00412EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/18 3:51 p.m.11 views

CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator...

7.3CVSS0.00383EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/21 12:0 a.m.5 views

SMF(Simple Machines Forum) 跨站脚本漏洞

SMF Simple Machines Forum is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF Simple Machines Forum version 2.1.4, which stems from improper manipulation of the Notice parameter in the ManageAttachments.php file, and...

5.4CVSS4.2AI score0.00355EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/14 12:0 a.m.10 views

PT-2025-11254

Name of the Vulnerable Software and Affected Versions: Civi - Job Board & Freelance Marketplace WordPress Theme plugin versions up to, and including, 2.1.4 Description: The issue is due to a lack of user validation before changing a password, making it possible for unauthenticated attackers to...

9.8CVSS6AI score0.00409EPSS
Exploits0References13
OSV
OSV
added 2024/06/11 9:15 p.m.6 views

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

5.4CVSS6AI score
Exploits0References5
CNNVD
CNNVD
added 2023/12/19 12:0 a.m.3 views

TTS API OS Command Injection Vulnerability

The TTS API is a text-to-speech REST API for multiple TTS engines from the individual developer Pedro Trujillo. An operating system command injection vulnerability exists in TTS API version 2.1.4 and earlier, which stems from the onSpeechDone function of a file that can lead to operating system...

9.8CVSS7.6AI score0.02042EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.4 views

CVE-2023-1169

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4.3CVSS6.6AI score0.00573EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.8 views

PrestaShop 路径遍历漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop tshirtecommerce 2.1.4 and earlier versions, which stems from the...

7.5CVSS7.4AI score0.03573EPSS
Exploits1References2
OSV
OSV
added 2022/05/21 12:15 a.m.2 views

UBUNTU-CVE-2022-29189

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...

5.3CVSS6.3AI score0.0183EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.4 views

PT-2022-19441

Name of the Vulnerable Software and Affected Versions Pion DTLS versions prior to 2.1.4 Description The issue concerns a buffer used for inbound network traffic that had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An...

5.3CVSS5.8AI score0.0183EPSS
Exploits0References17
OSV
OSV
added 2021/05/14 8:15 p.m.10 views

PYSEC-2021-171

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.SparseConcat. This is because the...

5.5CVSS6.1AI score0.00189EPSS
Exploits1References2
OSV
OSV
added 2020/11/22 7:22 p.m.4 views

OPENSUSE-SU-2020:1997-1 Security update for blueman

This update for blueman fixes the following issues: - Update to version 2.1.4 CVE-2020-15238: Fixed a local denial-of-service in the D-Bus interface boo1178196...

7.1CVSS6.8AI score0.04539EPSS
Exploits4References3
CNVD
CNVD
added 2017/08/03 12:0 a.m.3 views

OpenExif 'ExifJpegHUFFTable::deriveTable' function denial of service vulnerability

OpenExif is an object-oriented library for accessing image files in Exif format. A security vulnerability exists in the 'ExifJpegHUFFTable::deriveTable' function of the ExifHuffmanTable.cpp file in OpenExif version 2.1.4. A remote attacker can exploit this vulnerability to cause a denial of servi...

5.5CVSS7.2AI score0.00982EPSS
Exploits1References1
OSV
OSV
added 2017/05/01 8:59 p.m.4 views

CVE-2017-8403

360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application...

8.8CVSS5.8AI score0.00808EPSS
Exploits0References1
Rows per page
Query Builder