1384 matches found

Source: Vulnrichment
Added: 2025/12/05 4:29 a.m. (2 views)

CVE-2025-13362 Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00124
Exploits: 0 | References: 3
Source: Positive Technologies
Added: 2025/12/05 12:00 a.m. (6 views)

PT-2025-49227

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save settings function. This makes it possible for...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00124
Exploits: 0 | References: 3
Source: NVD
Added: 2025/12/02 5:16 a.m. (9 views)

CVE-2025-13387

The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 7.2 | EPSS: 0.00264
Exploits: 0 | References: 2
Source: Positive Technologies
Added: 2025/12/02 12:00 a.m. (6 views)

PT-2025-48608

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.00461
Exploits: 0 | References: 4
Source: CVE
Added: 2025/12/01 3:25 p.m. (19 views)

CVE-2025-55222

CVE-2025-55222 affects Socomec DIRIS Digiware M-70 gateway (firmware 1.6.9). A DoS can be triggered by unauthenticated crafted Modbus TCP or Modbus RTU over TCP messages (USB Function), on port 503, causing device unresponsiveness. TALOS details confirm the vulnerability exists in Modbus TCP/RTU ...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.00363
Exploits: 0 | References: 1 | Affected software: 1
Source: RedhatCVE
Added: 2025/11/28 4:57 a.m. (7 views)

CVE-2025-13538

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00305
Exploits: 0 | References: 1
Source: OSV
Added: 2025/11/25 8:15 p.m. (4 views)

CVE-2025-12816

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

CVSS: 8.6 | AI score: 6.8
Exploits: 0 | References: 6
Source: CVE
Added: 2025/11/25 7:28 a.m. (9 views)

CVE-2025-12586

The CVE concerns the WordPress plugin Conditional Maintenance Mode for WordPress, affecting all versions up to and including 1.0.0. The root cause is missing nonce validation when toggling the maintenance mode status, leading to Cross-Site Request Forgery (CSRF). This enables unauthenticated atta...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00141
Exploits: 0 | References: 3
Source: NVD
Added: 2025/11/22 8:15 a.m. (4 views)

CVE-2025-12752

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

CVSS: 5.3 | EPSS: 0.00148
Exploits: 0 | References: 3
Source: NVD
Added: 2025/11/20 3:17 p.m. (6 views)

CVE-2025-11676

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform a DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVSS: 7.1 | EPSS: 0.00182
Exploits: 0 | References: 3
Source: CVE
Added: 2025/11/18 8:27 a.m. (10 views)

CVE-2025-12827

CVE-2025-12827 (Top Friends): The WordPress Top Friends plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00106
Exploits: 0 | References: 2
Source: RedhatCVE
Added: 2025/11/17 9:07 a.m. (12 views)

CVE-2021-4467

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...

CVSS: 8.7 | AI score: 7.3 | EPSS: 0.00402
Exploits: 0 | References: 1
Source: EUVD
Added: 2025/11/15 12:30 a.m. (8 views)

EUVD-2024-26050

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.36619
Exploits: 0 | References: 3
Source: RedhatCVE
Added: 2025/11/12 5:07 p.m. (4 views)

CVE-2025-30255

Out-of-bounds write in some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160, within Ring 2 (device drivers), may allow a denial of service. An unprivileged software adversary, unauthenticated and using a low-complexity attack, may cause a denial of service. This...

CVSS: 8.3 | AI score: 6.5 | EPSS: 0.00162
Exploits: 0 | References: 1
Source: CVE
Added: 2025/11/11 4:51 p.m. (10 views)

CVE-2025-35967

Intel PROSet/Wireless WiFi Software for Windows before version 23.160 contains an out-of-bounds read in Ring 2 device drivers that may allow a denial of service. An unprivileged, unauthenticated attacker with low complexity and adjacent access, requiring no user interaction, could impact availabi...

CVSS: 7.4 | AI score: 6.1 | EPSS: 0.00162
Exploits: 0 | References: 1
Source: EUVD
Added: 2025/11/05 4:31 p.m. (5 views)

EUVD-2025-37893

A vulnerability in the RADIUS setting "Reject RADIUS requests from clients with repeated failures" on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS...

CVSS: 8.6 | AI score: 6.2 | EPSS: 0.00673
Exploits: 0 | References: 2
Source: Positive Technologies
Added: 2025/11/05 12:00 a.m. (6 views)

PT-2025-45128

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine versions prior to 3.4 Patch 4 or version 3.5. Description: A flaw in the RADIUS setting of Cisco Identity Services Engine (ISE) allows an unauthenticated, remote attacker to cause the system to restart unexpectedly,...

CVSS: 8.6 | AI score: 7.7 | EPSS: 0.00673
Exploits: 0 | References: 12
Source: Vulnrichment
Added: 2025/11/04 4:27 a.m. (3 views)

CVE-2025-12403 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...

CVSS: 6.1 | AI score: 5 | EPSS: 0.00127
Exploits: 0 | References: 4
Source: CVE
Added: 2025/11/04 4:27 a.m. (22 views)

CVE-2025-12400

CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...

CVSS: 6.1 | AI score: 5 | EPSS: 0.00127
Exploits: 0 | References: 4
Source: NVD
Added: 2025/11/04 4:15 a.m. (5 views)

CVE-2025-12401

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS: 6.1 | EPSS: 0.00127
Exploits: 0 | References: 4