1384 matches found

RedhatCVE
added 2026/01/09 8:57 a.m., 8 views

CVE-2023-4474

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...

CVSS 9.8, AI score 7.6, EPSS 0.2974
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:53 a.m., 9 views

CVE-2021-27634

SAP NetWeaver AS for ABAP RFC Gateway, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a...

CVSS 7.5, AI score 7, EPSS 0.01325
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:53 a.m., 16 views

CVE-2021-27633

SAP NetWeaver AS for ABAP RFC Gateway, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a...

CVSS 7.5, AI score 7, EPSS 0.01508
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:40 a.m., 9 views

CVE-2022-35843

An authentication bypass by assumed-immutable data vulnerability (CWE-302) in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allo...

CVSS 9.8, AI score 7.2, EPSS 0.00889
Exploits: 0, References: 1

NVD
added 2026/01/07 12:16 p.m., 5 views

CVE-2025-14130

The Post Like Dislike plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVSS 6.1, EPSS 0.00256
Exploits: 0, References: 3

RedhatCVE
added 2026/01/07 9:14 a.m., 7 views

CVE-2024-2959

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the savePricingTable function. This makes it possible for unauthenticated attackers to create and edit prici...

CVSS 4.3, AI score 6.4, EPSS 0.00211
Exploits: 0, References: 1

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1627

Name of the Vulnerable Software and Affected Versions: Testimonial Master plugin for WordPress versions up to and including 0.2.1. Description: The Testimonial Master plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output...

CVSS 6.1, AI score 6.3, EPSS 0.00324
Exploits: 0, References: 6

Cvelist
added 2025/12/30 10:41 p.m., 25 views

CVE-2022-50789 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...

CVSS 8.5, EPSS 0.03744
Exploits: 2, References: 5

OSV
added 2025/12/18 7:16 p.m., 3 views

CVE-2025-65562

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess /...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 6 views

PT-2025-52286

Name of the Vulnerable Software and Affected Versions: free5GC UPF versions prior to 4.1.0. Description: The free5GC UPF is susceptible to a denial of service due to insufficient bounds checking on the Session ID (SEID) when handling PFCP Session Deletion Requests. An unauthenticated remote attacker c...

CVSS 7.5, AI score 6.8, EPSS 0.0049
Exploits: 1, References: 4

EUVD
added 2025/12/17 7:21 a.m., 4 views

EUVD-2025-203880

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the downloadpluginbulk and downloadthemebulk functions. This makes it possibl...

CVSS 4.3, AI score 4.9, EPSS 0.00104
Exploits: 0, References: 3

RedhatCVE
added 2025/12/14 4:6 a.m., 12 views

CVE-2025-14454

The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for unauthenticated...

CVSS 4.3, AI score 5.5, EPSS 0.00131
Exploits: 0, References: 1

CVE
added 2025/12/13 4:31 a.m., 14 views

CVE-2025-12076

CVE-2025-12076 — Social Media Auto Publish (WordPress) is a reflected Cross-Site Scripting vulnerability via the PostMessage parameter. The WordPress plugin is affected in all versions up to and including 3.6.5 due to insufficient input sanitization and output escaping. Exploitation is possible b...

CVSS 6.1, AI score 5.3, EPSS 0.00205
Exploits: 0, References: 2

NVD
added 2025/12/12 4:15 a.m., 8 views

CVE-2025-14062

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...

CVSS 4.3, EPSS 0.00124
Exploits: 0, References: 3

AlpineLinux
added 2025/12/10 4:50 p.m., 4 views

CVE-2025-67635

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.00506
Exploits: 0, References: 1

CVE
added 2025/12/10 11:4 a.m., 25 views

CVE-2025-41732

CVE-2025-41732 describes a stack-based overflow caused by unsafe sscanf usage in the check_cookie() function, permitting an unauthenticated remote attacker to write into fixed-size stack buffers and potentially compromise the device. The Open documentation consistently states a full device compro...

CVSS 9.8, AI score 6.9, EPSS 0.00369
Exploits: 0, References: 1, Affected Software: 1

Atlassian
added 2025/12/10 7:29 a.m., 17 views

RCE (Remote Code Execution) in Jira Software Data Center and Server

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 11.2.0 of Jira Software Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticated...

CVSS 7.5, AI score 8.6, EPSS 0.21261
Exploits: 0

NVD
added 2025/12/09 4:17 p.m., 6 views

CVE-2025-10573

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required...

CVSS 9.6, EPSS 0.29494
Exploits: 0, References: 1

CVE
added 2025/12/05 5:31 a.m., 16 views

CVE-2025-12190

CVE-2025-12190 affects the WordPress plugin Image Optimizer by wps.sk (versions ≤ 1.2.0) with CSRF due to missing nonce validation in imagopby_ajax_optimize_gallery(). Multiple connected sources confirm the CSRF flaw and impacted plugin/version; however, no patch/version remediation is detailed i...

CVSS 4.3, AI score 4.9, EPSS 0.00124
Exploits: 0, References: 3

Vulnrichment
added 2025/12/05 5:31 a.m., 3 views

CVE-2025-13144 ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS 4.3, AI score 4.9, EPSS 0.00128
Exploits: 0, References: 3