Lucene search

1394 matches found

CVE
added 2025/12/12 3:20 a.m., 9 views

CVE-2025-13363

CVE-2025-13363 concerns the IMAQ CORE WordPress plugin. According to Wordfence, versions up to and including 1.2.1 are vulnerable to a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the URL structure settings update function. This enables unauthenticated attackers to modify ...

4.3 CVSS, 5 AI score, 0.0014 EPSS
Exploits 0, References 3
CVE
added 2025/12/12 3:20 a.m., 17 views

CVE-2025-14162

CVE-2025-14162 affects the BMLT WordPress Plugin (

4.3 CVSS, 5 AI score, 0.00124 EPSS
Exploits 0, References 3
Positive Technologies
added 2025/12/12 12:0 a.m., 5 views

PT-2025-50849

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...

4.3 CVSS, 5.5 AI score, 0.00124 EPSS
Exploits 0, References 4
CNNVD
added 2025/12/12 12:0 a.m., 4 views

WordPress plugin Purchase and Expense Manager Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

4.3 CVSS, 6.4 AI score, 0.00124 EPSS
Exploits 0, References 3
CNNVD
added 2025/12/12 12:0 a.m., 4 views

WordPress plugin Truefy Embed Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

4.3 CVSS, 6.4 AI score, 0.00124 EPSS
Exploits 0, References 3
CNNVD
added 2025/12/12 12:0 a.m., 5 views

WordPress plugin Rabbit Hole Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

4.3 CVSS, 6.3 AI score, 0.00124 EPSS
Exploits 0, References 3
CNNVD
added 2025/12/12 12:0 a.m., 5 views

WordPress plugin Infility Global Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

8.8 CVSS, 6.8 AI score, 0.00495 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/12 12:0 a.m., 10 views

PT-2025-50862

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3 CVSS, 5.4 AI score, 0.00128 EPSS
Exploits 0, References 6
CVE
added 2025/12/11 1:16 a.m., 11 views

CVE-2025-67719

Summary: CVE-2025-67719 affects Ibexa’s User Bundle in the Ibexa DXP. Versions 5.0.0-beta1–5.0.3 lack proper password-change validation due to an error introduced during the v4→v5 transition, allowing a logged-in attacker with an unattended session to change a user’s password without knowing the ...

8.5 CVSS, 6.5 AI score, 0.0013 EPSS
Exploits 0, References 3
Cvelist
added 2025/12/11 1:16 a.m., 27 views

CVE-2025-67719 Ibexa User Bundle is missing password change validation

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

8.5 CVSS, 0.0013 EPSS
Exploits 0, References 3
EUVD
added 2025/12/10 6:30 p.m., 4 views

EUVD-2025-202442

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5 CVSS, 6.9 AI score, 0.00144 EPSS
Exploits 0, References 4
CNNVD
added 2025/12/10 12:0 a.m., 3 views

UBICOD Medivision Digital Signage Cross-Site Request Forgery Vulnerability

UBICOD Medivision Digital Signage is a digital signage software for healthcare environments from UBICOD Medivision, a South Korean company. A cross-site request forgery vulnerability exists in UBICOD Medivision Digital Signage version 1.5.1, which stems from a lack of request validation and could...

8.8 CVSS, 6.7 AI score, 0.00255 EPSS
Exploits 1, References 4
Packet Storm
added 2025/12/10 12:0 a.m., 154 views

📄 YOURLS 1.8.2 SQL Injection

Proof of concept for a remote SQL injection vulnerability in YOURLS version 1.8.2. Title: YOURLS 1.8.2 SQL Injection & System Compromise in Administrati...

7.4 CVSS, 8.2 AI score, 0.01994 EPSS
Exploits 5
Snyk
added 2025/12/09 5:24 p.m., 2 views

Cross-site Scripting (XSS)

Overview: shopware/storefront is a storefront for Shopware. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the waitTime or errorSnippet parameters in the login page, which are rendered directly in the template without input validation. An attacker can execute...

7.1 CVSS, 5.4 AI score, 0.00158 EPSS
Exploits 0, References 2
NVD
added 2025/12/09 4:17 p.m., 5 views

CVE-2025-40800

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...

9.1 CVSS, 0.00185 EPSS
Exploits 0, References 2
CVE
added 2025/12/09 10:44 a.m., 16 views

CVE-2025-40801

The CVE-2025-40801 family describes a vulnerability where the SALT (Siemens Advanced Licensing Toolkit) SDK omits server certificate validation when establishing TLS connections to the authorization server. This allows potential man-in-the-middle attacks affecting Siemens products such as COMOS, ...

9.2 CVSS, 7.2 AI score, 0.0023 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/12/09 12:11 a.m., 5 views

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3 CVSS, 7.1 AI score, 0.00229 EPSS
Exploits 1, References 1
Cvelist
added 2025/12/09 12:0 a.m., 20 views

CVE-2025-65288

A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...

0.0035 EPSS
Exploits 1, References 1
Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-49832

Name of the Vulnerable Software and Affected Versions: COMOS versions prior to V10.6; NX versions prior to V2412.8700; NX versions prior to V2506.6000; Simcenter 3D versions prior to V2506.6000; Simcenter Femap versions prior to V2506.0002; Solid Edge SE2025 versions prior to V225.0 Update 10; Solid Edg...

9.1 CVSS, 8.9 AI score, 0.00185 EPSS
Exploits 0, References 6
Zero Day Initiative
added 2025/12/09 12:0 a.m., 6 views

Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8 CVSS, 7.3 AI score, 0.00638 EPSS
Exploits 0, References 1