
144 matches found

CNNVD
added 2025/11/24 12:0 a.m., 5 views

Fluent Bit Security Vulnerability

Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit that stems from a failure to properly implement the security.users authentication mechanism, which could lead to a remote attacker sending...

CVSS 6.5, AI score 7.1, EPSS 0.00555
Exploits 0, References 2
Positive Technologies
added 2025/11/23 12:0 a.m., 8 views

PT-2025-47920

Name of the Vulnerable Software and Affected Versions: Fluent Bit (affected versions not specified). Description: The Fluent Bit in forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with netwo...

CVSS 6.5, AI score 7.1, EPSS 0.00555
Exploits 0, References 18
NCSC
added 2025/11/21 4:3 p.m., 13 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...

CVSS 9.8, AI score 6.9, EPSS 0.88312
Exploits 10, References 1
Cvelist
added 2025/11/21 7:31 a.m., 5 views

CVE-2025-12894 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...

CVSS 5.3, EPSS 0.00223
Exploits 0, References 2
Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47263

Name of the Vulnerable Software and Affected Versions: ACF Flexible Layouts Manager plugin for WordPress versions up to and including 1.1.6. Description: The ACF Flexible Layouts Manager plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capabilit...

CVSS 6.5, AI score 6.1, EPSS 0.00178
Exploits 0, References 4
CNNVD
added 2025/11/06 12:0 a.m., 8 views

Apollo Router Core Security Vulnerability

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core versions prior to 1.61.11 and versions 2.0.0-alpha.0 through 2.8.1-rc.0, which stems from mishandling of access control commands and could lead to unauthenticated querie...

CVSS 7.5, AI score 6.6, EPSS 0.00313
Exploits 0, References 3
NVD
added 2025/10/30 6:15 a.m., 7 views

CVE-2025-10008

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

CVSS 5.3, EPSS 0.00264
Exploits 0, References 3
Positive Technologies
added 2025/10/30 12:0 a.m., 6 views

PT-2025-44371

Name of the Vulnerable Software and Affected Versions: Translate WordPress and go Multilingual – Weglot plugin for WordPress versions up to and including 5.1. Description: The software is susceptible to unauthorized data loss. This is due to a missing capability check within the clean options...

CVSS 5.3, AI score 6.1, EPSS 0.00264
Exploits 0, References 6
NCSC
added 2025/10/23 1:26 p.m., 13 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Enterprise Manager. The vulnerabilities allow unauthorized attackers to gain access to sensitive data and can lead to denial-of-service (DoS) attacks. Specifically, the vulnerability in Oracle Enterprise Manager's Security Framework can be exploited by unauthenticated...

CVSS 8.7, AI score 6.7, EPSS 0.63258
Exploits 7, References 1
EUVD
added 2025/10/21 6:30 p.m., 4 views

EUVD-2025-35186

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

CVSS 6.9, AI score 6.6, EPSS 0.00164
Exploits 0, References 2
Vulnrichment
added 2025/10/19 12:0 a.m., 2 views

CVE-2025-62672

rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAYDATA case in rplayunpack in librplay/rplay.c, potentially reachable via packet data with no authentication...

CVSS 5.3, AI score 6.9, EPSS 0.00533
Exploits 0, References 3
RedhatCVE
added 2025/10/16 8:33 a.m., 4 views

CVE-2025-10743

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

CVSS 7.5, AI score 6.8, EPSS 0.00342
Exploits 0, References 1
EUVD
added 2025/10/15 8:26 a.m., 4 views

EUVD-2025-34540

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

CVSS 5.3, AI score 5.4, EPSS 0.0032
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-30956

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.5, EPSS 0.00349
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-29146

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00604
Exploits 0, References 3
Cvelist
added 2025/09/12 12:0 a.m., 7 views

CVE-2025-45584

Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication...

EPSS 0.00394
Exploits 1, References 1
CNNVD
added 2025/09/12 12:0 a.m., 3 views

Audi UTR 2.0 Security Vulnerability

Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0 that originates from improper Web services access control and could result in unauthenticated downloads of automobile information...

CVSS 7.5, AI score 6.8, EPSS 0.00394
Exploits 1, References 2
CNNVD
added 2025/09/10 12:0 a.m., 3 views

ISC Stork Security Vulnerability

ISC Stork is a web management platform for the ISC organization. A security vulnerability exists in ISC Stork version 2.3.0 and earlier, in which a large amount of data sent by an unauthenticated user could lead to memory and disk usage issues...

CVSS 7.5, AI score 6.5, EPSS 0.0041
Exploits 0, References 2
ICS
added 2025/09/09 12:0 a.m., 4 views

Siemens SINEC OS

SUMMARY: SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for...

AI score 7.3
Exploits 0, References 10
Positive Technologies
added 2025/09/06 12:0 a.m., 10 views

PT-2025-36344

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44. Description: The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to...

CVSS 6.5, AI score 7, EPSS 0.00311
Exploits 0, References 8