Lucene search

1394 matches found

Positive Technologies, added 2026/01/07 12:00 a.m., 7 views

PT-2026-1597

Name of the Vulnerable Software and Affected Versions The Latest Tabs plugin for WordPress versions up to and including 1.5 Description The Latest Tabs plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or absent nonce validation within the...

CVSS 4.3 | AI score 6.1 | EPSS 0.00102
Exploits 0 | References 4

Hacker One, added 2026/01/03 6:59 p.m., 23 views

curl: Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access

Summary During my manual review of the file path handling logic in curl's source code, I noticed the absence of proper validation for directory traversal sequences, which I then verified through practical testing. I discovered that curl allows unauthorized access to arbitrary files through the...

CVSS 8.1 | AI score 8.2 | EPSS 0.60122
Exploits 1

UbuntuCve, added 2025/12/31 7:15 a.m., 3 views

CVE-2025-15272

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 8.8 | AI score 7.5 | EPSS 0.00579
Exploits 0 | References 2

OSV, added 2025/12/30 12:16 p.m., 2 views

OESA-2025-2873 qt5-qtdeclarative security update

. Security Fixes: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text componen...

CVSS 8.7 | AI score 6.7 | EPSS 0.00263
Exploits 0 | References 2

RedhatCVE, added 2025/12/29 5:54 a.m., 13 views

CVE-2025-66203

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

CVSS 9.9 | AI score 7.5 | EPSS 0.00671
Exploits 1 | References 1

Positive Technologies, added 2025/12/26 12:00 a.m., 5 views

PT-2025-53623

🚨 CVE-2025-52598 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, plea...

CVSS 6.3 | AI score 6.8 | EPSS 0.00173
Exploits 0 | References 5

CNVD, added 2025/12/25 12:00 a.m., 5 views

Complete Online Beauty Parlor Management System /view-appointment.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...

CVSS 9.8 | AI score 6.1 | EPSS 0.00326
Exploits 1 | References 1

CNNVD, added 2025/12/24 12:00 a.m., 3 views

BTicino Legrand BTicino Driver Manager Security Vulnerability

BTicino Legrand BTicino Driver Manager is a gateway integration and protocol conversion software from BTicino, Italy. A security vulnerability exists in BTicino Legrand BTicino Driver Manager that stems from a lack of proper request validation and could lead to cross-site request forgery attacks...

CVSS 5.3 | AI score 6 | EPSS 0.00216
Exploits 2 | References 4

NVD, added 2025/12/23 10:15 p.m., 4 views

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 7.8 | EPSS 0.00539
Exploits 0 | References 2

OSV, added 2025/12/23 10:15 p.m., 4 views

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 7.8 | AI score 7.5
Exploits 0 | References 2

Packet Storm, added 2025/12/22 12:00 a.m., 159 views

📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read

An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes (fSrcPlanes = 2). The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...

CVSS 7.1 | AI score 6.5 | EPSS 0.00147
Exploits 5

EUVD, added 2025/12/21 6:31 a.m., 3 views

EUVD-2025-204657

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3 | AI score 4.9 | EPSS 0.00129
Exploits 0 | References 5

RedhatCVE, added 2025/12/21 4:12 a.m., 11 views

CVE-2025-14164

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...

CVSS 4.3 | AI score 5.3 | EPSS 0.00126
Exploits 0 | References 1

Vulnrichment, added 2025/12/21 3:20 a.m., 5 views

CVE-2025-13361 Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS 4.3 | AI score 5 | EPSS 0.00129
Exploits 0 | References 4

CVE, added 2025/12/21 3:20 a.m., 15 views

CVE-2025-13361

CVE-2025-13361 : The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) up to version 1.0.0 due to missing nonce validation on the custom field deletion function. This enables unauthenticated attackers to delete custom fields by tricking a site administra...

CVSS 4.3 | AI score 5 | EPSS 0.00129
Exploits 0 | References 4

EUVD, added 2025/12/20 6:30 a.m., 6 views

EUVD-2025-204622

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVSS 6.1 | AI score 4.5 | EPSS 0.00123
Exploits 0 | References 8

NVD, added 2025/12/20 4:16 a.m., 7 views

CVE-2025-13365

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVSS 6.1 | EPSS 0.00123
Exploits 0 | References 7

NVD, added 2025/12/20 4:16 a.m., 6 views

CVE-2025-14168

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...

CVSS 4.3 | EPSS 0.00126
Exploits 0 | References 3

CVE, added 2025/12/20 3:20 a.m., 24 views

CVE-2025-13365

CVE-2025-13365 affects the WP Hallo Welt WordPress plugin (versions up to and including 1.4). The issue stems from missing/incorrect nonce validation in the hallo_welt_seite function, enabling unauthenticated CSRF that lets an attacker manipulate plugin settings. The lack of input sanitization/ou...

CVSS 6.1 | AI score 4.6 | EPSS 0.00123
Exploits 0 | References 7

CVE, added 2025/12/20 3:20 a.m., 10 views

CVE-2025-14164

Technical details about CVE-2025-14164 are not publicly provided in the supplied documents. The initial description mentions a CSRF vulnerability in Quran Gateway for WordPress up to version 1.5, but no further technical specifics are available here.

CVSS 4.3 | AI score 5 | EPSS 0.00126
Exploits 0 | References 3