Lucene search
K

12 matches found

OSV
OSV
added 2026/04/24 12:0 p.m.8 views

RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...

5.8AI score
Exploits0References3
CVE
CVE
added 2026/01/08 9:17 a.m.15 views

CVE-2025-67914

CVE-2025-67914 describes a Path Traversal vulnerability in VidMov (VidMov WordPress theme/plugin) by beeteam368. Affected: VidMov versions up to 2.3.8 (reported as n/a through

7.7CVSS6.6AI score0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.9 views

PT-2025-48791

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process status unlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate...

5.3CVSS5.4AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2025/10/27 2:15 a.m.8 views

CVE-2025-62946

Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through = 2.3.8...

5.3CVSS0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 6:36 p.m.4 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS6.5AI score0.00255EPSS
Exploits1References1
OSV
OSV
added 2025/10/16 6:35 p.m.4 views

CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS7.1AI score0.00255EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/09/28 6:52 a.m.11 views

CVE-2025-9896

The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:23 p.m.2 views

CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through = 2.3.8...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:51 a.m.7 views

CVE-2022-45076

Cross-Site Request Forgery CSRF vulnerability in WebMat Flexible Elementor Panel plugin = 2.3.8 versions...

8.8CVSS7.1AI score0.00273EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/11 1:4 p.m.3 views

WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme OnePress versions = 2.3.8...

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/15 6:57 a.m.4 views

WordPress month name translation benaceur plugin < 2.3.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin month name translation benaceur versions 2.3.8...

4.8CVSS6.1AI score0.00352EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/09/01 11:15 a.m.6 views

CVE-2022-46527

ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...

7.5CVSS6.1AI score0.00701EPSS
Exploits1References2
Rows per page
Query Builder