Lucene search

1387 matches found

Vulnrichment
added 2025/11/04 4:27 a.m., 3 views

CVE-2025-12403 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1, AI score 5, EPSS 0.00142
Exploits: 0, References: 4
CVE
added 2025/11/04 4:27 a.m., 22 views

CVE-2025-12400

CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...

CVSS 6.1, AI score 5, EPSS 0.00142
Exploits: 0, References: 4
NVD
added 2025/11/04 4:15 a.m., 6 views

CVE-2025-12401

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS 6.1, EPSS 0.00142
Exploits: 0, References: 4
EUVD
added 2025/10/27 12:30 a.m., 8 views

EUVD-2025-35955

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5, AI score 6.4, EPSS 0.00773
Exploits: 0, References: 5
NVD
added 2025/10/24 9:15 a.m., 9 views

CVE-2025-12028

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the loginformindieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...

CVSS 8.8, EPSS 0.00194
Exploits: 0, References: 5
CNNVD
added 2025/10/22 12:0 a.m., 3 views

Sauter modu680-AS security vulnerability

Sauter modu680-AS is a modular automation station and web server from Sauter, Switzerland. A security vulnerability exists in the Sauter modu680-AS that can be exploited by an unauthenticated remote attacker to crash the wscserver by sending an incomplete SOAP request and the process cannot be...

CVSS 7.5, AI score 6.8, EPSS 0.00433
Exploits: 0, References: 2
EUVD
added 2025/10/18 9:30 a.m., 7 views

EUVD-2025-34978

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.6, EPSS 0.00214
Exploits: 0, References: 5
CVE
added 2025/10/16 6:52 p.m., 15 views

CVE-2025-34254

D-Link Nuclias Connect: firmware

CVSS 6.9, AI score 6.8, EPSS 0.00954
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2025/10/15 1:45 p.m., 7 views

CVE-2025-41705

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

CVSS 6.8, AI score 7.3, EPSS 0.00423
Exploits: 0, References: 1
Atlassian
added 2025/10/15 4:23 a.m., 15 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 6.8, EPSS 0.03389
Exploits: 0
CVE
added 2025/10/14 3:23 p.m., 6 views

CVE-2024-33507

CVE-2024-33507 affects FortiIsolator: multiple releases are vulnerable due to an insufficient session expiration (CWE-613) and an incorrect authorization flaw (CWE-863). A remote unauthenticated attacker can deauthenticate logged-in administrators by sending a crafted cookie, and a remote authent...

CVSS 9.1, AI score 7.1, EPSS 0.00373
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/10/14 8:5 a.m., 2 views

CVE-2025-41704 Phoenix Contact: Unauthenticated Modbus Service DoS via Crafted Function Code

An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality...

CVSS 5.3, AI score 6.9, EPSS 0.01503
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-14353

Malware in sbrugna...

CVSS 7.5, AI score 7.8, EPSS 0.01508
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-12721

Malware in sbrugna...

CVSS 7, AI score 7.5, EPSS 0.00419
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-12461

Malware in sbrugna...

CVSS 8.2, AI score 8.3, EPSS 0.01237
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-11278

Malware in sbrugna...

CVSS 8.8, AI score 5.2, EPSS 0.00593
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-9607

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.01188
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-13540

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.0595
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-24460

Malware in sbrugna...

CVSS 8.6, AI score 8.7, EPSS 0.01795
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-22604

Malware in sbrugna...

CVSS 6.1, AI score 6.7, EPSS 0.01143
Exploits: 0, References: 2