Lucene search
K

9 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52615

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...

9.8CVSS6AI score0.00757EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.5 views

CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...

6.1CVSS6.1AI score0.00833EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.5 views

CVE-2025-63011

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

5.9CVSS5.9AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.23 views

CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

4.3CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/04 12:20 a.m.9 views

CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters due to a lack of server-side validation of note length. Once such a note is added,...

6.5CVSS0.00375EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/03/25 6:53 a.m.6 views

WordPress WP Tabs plugin < 2.2.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Tabs versions 2.2.7...

6.1CVSS6.1AI score0.00257EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/05/14 3:25 p.m.2 views

UBUNTU-CVE-2024-31458

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in formsave function in graphtemplateinputs.php is not thoroughly checked and is used to concatenate the SQL statement in drawnontemplatedfieldsgraphitem function from...

8CVSS7.3AI score0.12602EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.3 views

In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

...

7.8CVSS6.5AI score0.07107EPSS
Exploits1
OSV
OSV
added 2019/03/21 4:1 p.m.4 views

CVE-2019-6274

Directory traversal vulnerability in storagecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences...

8.8CVSS7.4AI score0.11443EPSS
Exploits4References2
Rows per page
Query Builder