Lucene search
K

97 matches found

Vulnrichment
Vulnrichment
added 2025/02/28 8:1 p.m.9 views

CVE-2025-0769 PixelYourSite 10.1.1.1 - Insecure deserialization

PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php...

6.3CVSS6.5AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/28 8:1 p.m.15 views

CVE-2025-0769 PixelYourSite 10.1.1.1 - Insecure deserialization

PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php...

6.3CVSS0.00356EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 8:1 p.m.2121 views

CVE-2025-0769

PixelYourSite – Your smart PIXEL (TAG) and API Manager plugin (WordPress) version 10.1.1.1 is affected by CVE-2025-0769 due to unvalidated user input being used directly in an unserialize call inside myapp/modules/facebook/facebook-server-sync-task.php. The vulnerability is described as an unauth...

6.3CVSS7.1AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.6 views

PT-2025-9133 · Unknown · Pixelyoursite

Name of the Vulnerable Software and Affected Versions: PixelYourSite - Your smart PIXEL TAG and API Manager version 10.1.1.1 Description: The issue arises from unvalidated user input being used directly in an unserialize function. This occurs in the myapp/modules/facebook/facebook-server-a...

6.3CVSS9.3AI score0.00356EPSS
Exploits0References8
NVD
NVD
added 2025/02/27 7:15 p.m.15 views

CVE-2025-0767

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

9.8CVSS0.00434EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/27 6:14 p.m.8 views

CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

6.3CVSS6.5AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2025/02/27 6:14 p.m.45 views

CVE-2025-0767

CVE-2025-0767 pertains to WP Activity Log 5.3.2, where unvalidated user input is directly fed into PHP’s unserialize function inside myapp/classes/Writers/class-csv-writer.php. This is an insecure deserialization risk with high impact (per the cited metrics: CVSS 3.1 base score 9.8, high confiden...

9.8CVSS6.5AI score0.00434EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 1:47 a.m.11 views

CVE-2022-43971

An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware = 1.0.02 build3. The dosetNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator...

7.2CVSS7.7AI score0.01682EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/28 12:0 a.m.5 views

Portábilis i-Educar 安全漏洞

Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar that stems from not validating user input...

8.8CVSS8.7AI score0.00665EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.4 views

AnythingLLM Input Validation Error Vulnerability

AnythingLLM is a document chatbot that meets business requirements. An input validation error vulnerability exists in AnythingLLM that stems from the application failing to properly validate user input before passing it to prisma functions and other critical operations...

8.8CVSS6.8AI score0.00569EPSS
Exploits1References3
Prion
Prion
added 2024/01/23 6:15 p.m.18 views

Server side request forgery (ssrf)

Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...

7.5CVSS6.9AI score0.01003EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2023/12/22 5:15 p.m.19 views

Server side request forgery (ssrf)

Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slackwebhook variable and passes i...

5CVSS7.3AI score0.00602EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/08/25 4:15 p.m.3 views

CVE-2023-40797

In Tenda AC23 v16.03.07.45cn, the sub4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability...

8.8CVSS5.8AI score0.00787EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/10/21 12:0 a.m.11 views

Pie Register < 3.7.2.4 - Open Redirect

The plugin passes unvalidated user input to the wpredirect function, without validating it, leading to an Open redirect issue PoC https://example.com/?piereglogouturl=trueto=https://wpscan.com...

0.4AI score
Exploits0Affected Software1
Huntr
Huntr
added 2021/09/09 7:58 a.m.12 views

Cross-site Scripting (XSS) - Reflected in vfleaking/uoj

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/07 10:11 a.m.17 views

Cross-site Scripting (XSS) - Reflected in andrewpaglusch/flashpaper

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2021/09/07 2:12 a.m.7 views

Cross-site Scripting (XSS) - Reflected in kasuganosoras/pigeon

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/07 1:13 a.m.17 views

Cross-site Scripting (XSS) - Reflected in mailcow/mailcow-dockerized

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
CNVD
CNVD
added 2021/08/27 12:0 a.m.24 views

IBM API Connect Code Injection Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. a code injection vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability stems from unvalidated user input. An attacker could exploit the vulnerability to inject code...

9.8CVSS4.9AI score0.00922EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/17 4:48 p.m.21 views

CVE-2021-24327 SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users even with the unfilteredhtml disabled to set XSS payloads...

5AI score0.00617EPSS
Exploits2References1
Rows per page
Query Builder