Lucene search
K

271 matches found

CVE
CVE
added 2025/11/14 12:0 a.m.15 views

CVE-2025-63724

SVX Portal 2.7A has a SQL injection in the admin/update_setings.php endpoint triggered by crafted POST requests. The vulnerability affects the portal’s server-side handling of input and can lead to unauthorized query manipulation. References from multiple sources corroborate the issue for version...

6CVSS7.6AI score0.00261EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/11/14 12:0 a.m.10 views

CVE-2025-63724

SQL injection SQL-i vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...

0.00261EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/14 12:0 a.m.4 views

CVE-2025-63724

SQL injection SQL-i vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...

7.6AI score0.00261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.6 views

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 5:16 a.m.19 views

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00142EPSS
Exploits0References4
CVE
CVE
added 2025/11/04 4:27 a.m.11 views

CVE-2025-12389

CVE-2025-12389 affects the WordPress plugin Import Export For WooCommerce. The vulnerability is an unauthorized data modification flaw caused by a missing capability check in update_setting(), present in all versions up to and including 1.6.2. Exploitation requires authenticated access at Subscri...

4.3CVSS4.7AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.12 views

CVE-2025-12389 Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...

4.3CVSS0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-23454

Malware in sbrugna...

4.3CVSS4.7AI score0.00423EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53920

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.0041EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30306

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00141EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25063

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-34672

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01484EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25734

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25070

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-33605

Malicious code in bioql PyPI...

8.3CVSS6.6AI score0.0034EPSS
Exploits1References4
CVE
CVE
added 2025/10/03 11:17 a.m.20 views

CVE-2025-9884

The CVE-2025-9884 entry concerns the WordPress plugin Mobile Site Redirect (versions up to and including 1.2.1). The issue is a Cross-Site Request Forgery (CSRF) that, due to missing or incorrect nonce validation, can allow unauthenticated attackers to induce a site administrator to perform actio...

6.1CVSS4.9AI score0.00149EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/01 4:23 a.m.10 views

CVE-2025-9946

The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS5.3AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/22 7:33 a.m.15 views

CVE-2025-9882

The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.3AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/22 7:33 a.m.12 views

CVE-2025-9883

The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.3AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2025/09/20 7:15 a.m.6 views

CVE-2025-9883

The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS0.00141EPSS
Exploits0References3
Rows per page
Query Builder