Lucene search
K

759 matches found

Patchstack
Patchstack
added 2026/01/23 7:57 a.m.9 views

WordPress weDocs plugin <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update vulnerability

Missing Authorization to Authenticated Subscriber+ Documentation Post Update vulnerability discovered by blue0x1 in WordPress Plugin weDocs versions = 2.1.16...

4.3CVSS5.5AI score0.00265EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/14 5:28 a.m.17 views

CVE-2025-15378

CVE-2025-15378 concerns the WordPress AJS Footnotes plugin, where versions up to 1.0 are vulnerable to a stored XSS due to missing authorization/nonce verification on settings save and insufficient input sanitization/output escaping on two parameters: note_list_class and popup_display_effect_in. ...

7.2CVSS4.9AI score0.00275EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.21 views

CVE-2021-27574

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...

8.1CVSS7AI score0.01078EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.7 views

CVE-2020-12046

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files...

5.7CVSS6.9AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.6 views

CVE-2025-13521

The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.8 views

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a...

8.8CVSS7.3AI score0.00731EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/03 2:22 a.m.9 views

CVE-2025-14998

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS6.8AI score0.00541EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Sertifier Certificate & Badge Maker plugin <= 1.19 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Sertifier Certificate & Badge Maker versions = 1.19...

4.3CVSS5.9AI score0.00103EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/21 3:31 a.m.5 views

EUVD-2025-204651

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS5.6AI score0.0024EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.4 views

Code-Projects Simple Stock System SQL注入漏洞

Code-Projects Simple Stock System is a Code-Projects open source simple stock system. Code-Projects Simple Stock System version 1.0 suffers from a SQL injection vulnerability that originates from an unknown function in the file /market/update.php that mishandles the parameter email, which can lea...

9.8CVSS7.8AI score0.00333EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from a failure to verify signatures during firmware updates, which could lead to the installation of malicious firmware. The following products and...

8.1CVSS6.6AI score0.00204EPSS
Exploits1References2
NVD
NVD
added 2025/12/01 4:15 p.m.5 views

CVE-2025-61228

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...

7.8CVSS0.00093EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/11/25 12:8 a.m.7 views

WordPress Autochat Automatic Conversation plugin <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Autochat Automatic Conversation versions = 1.1.9...

5.3CVSS7AI score0.00239EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/24 3:11 p.m.12 views

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

8.3CVSS0.00218EPSS
Exploits0References1
Talos
Talos
added 2025/11/24 12:0 a.m.12 views

GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability

Talos Vulnerability Report TALOS-2025-2230 GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability November 24, 2025 CVE Number CVE-2025-44018 SUMMARY A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can le...

8.3CVSS9.2AI score0.00218EPSS
Exploits0
CVE
CVE
added 2025/11/19 5:23 p.m.11 views

CVE-2025-65028

CVE-2025-65028 affects Rallly prior to 4.5.4. The vulnerability is an insecure direct object reference (IDOR) in the vote-update endpoint where the backend relies solely on the participantId parameter to identify votes, without verifying ownership or poll permissions. This allows any authenticate...

6.5CVSS6.3AI score0.00229EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2025/11/17 10:6 p.m.6 views

WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Make Email Customizer for WooCommerce versions = 1.0.6...

5.3CVSS7AI score0.0028EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/11/14 8:57 p.m.4 views

Unverified Password Change

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the authentication password without additional verification steps. Note: This...

8.3CVSS7.2AI score
Exploits0References3
OSV
OSV
added 2025/11/13 4:15 p.m.5 views

CVE-2025-60682

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...

6.5CVSS6.2AI score0.01336EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.13 views

NETGEAR RAX30和NETGEAR RAXE300 安全漏洞

NETGEAR RAX30 and NETGEAR RAXE300 are both products of NETGEAR, Inc.NETGEAR RAX30 is a dual-band wireless router.NETGEAR RAXE300 is a wireless router. A security vulnerability exists in the NETGEAR RAX30 and RAXE300 that stems from improper certificate validation in the firmware update logic, whi...

7.7CVSS7.4AI score0.00153EPSS
Exploits0References3
Rows per page
Query Builder