1395 matches found

CVE
added 2025/12/03 12:29 p.m., 17 views

CVE-2025-12358

CVE-2025-12358 concerns ShopEngine Elementor WooCommerce Builder Addon for WordPress. Wordfence and related feeds describe a Cross-Site Request Forgery vulnerability in all versions up to 4.8.5, caused by missing nonce validation on the post_add_to_list function and an incorrect permissions callb...

CVSS 4.3 | AI score 5.1 | EPSS 0.00104
Exploits 0 | References 2
RedhatCVE
added 2025/12/03 5:0 a.m., 6 views

CVE-2025-13606

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

CVSS 6.5 | AI score 5.2 | EPSS 0.00133
Exploits 0 | References 1
CVE
added 2025/12/02 4:37 a.m., 16 views

CVE-2025-13606

The WordPress plugin WP Ultimate Exporter (Export All Posts, Products, Orders, Refunds & Users) is affected by Cross‑Site Request Forgery up to version 2.19 due to missing or incorrect nonce validation in parseData, enabling unauthenticated attackers to exfiltrate sensitive data (including user d...

CVSS 6.5 | AI score 4.9 | EPSS 0.00133
Exploits 0 | References 2
Veracode
added 2025/11/28 5:6 a.m., 6 views

Sanitization Bypass

python-ldap is vulnerable to Sanitization Bypass. The vulnerability is due to improper escaping in escape_filter_chars when escape_mode=1 is used, where crafted list or dict inputs bypass character escaping due to missing type validation, and attackers can exploit this to inject malicious LDAP filte...

CVSS 6.9 | AI score 6.9 | EPSS 0.00294
Exploits 1 | References 5 | Affected Software 2
RedhatCVE
added 2025/11/28 2:54 a.m., 11 views

CVE-2025-12578

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...

CVSS 4.3 | AI score 5.3 | EPSS 0.00106
Exploits 0 | References 1
RedhatCVE
added 2025/11/27 12:58 a.m., 9 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload in upgrade_contents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000: missing signature validation allows an attacker to upload malicious firmware packages. Th...

CVSS 9.9 | AI score 7.8 | EPSS 0.00331
Exploits 1 | References 1
Positive Technologies
added 2025/11/27 12:0 a.m., 6 views

PT-2025-48216

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...

CVSS 4.3 | AI score 5.3 | EPSS 0.00106
Exploits 0 | References 3
EUVD
added 2025/11/26 3:30 a.m., 4 views

EUVD-2025-199677

Unauthenticated Arbitrary File Upload in upgrade_contents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000: missing signature validation allows an attacker to upload malicious firmware packages. Th...

CVSS 9.9 | AI score 7.8 | EPSS 0.00331
Exploits 1 | References 2
Cvelist
added 2025/11/26 12:39 a.m., 8 views

CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php)

Unauthenticated Arbitrary File Upload in upgrade_contents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000: missing signature validation allows an attacker to upload malicious firmware packages. Th...

CVSS 9.9 | EPSS 0.00331
Exploits 1 | References 1
Positive Technologies
added 2025/11/26 12:0 a.m., 5 views

PT-2025-48129

Affected versions: versions prior to 2025-9558. Description: A potential out-of-bounds write issue exists in the gen_prov_start function within the pb_adv.c file. The issue occurs because the full length of received data is copied into the link.rx.buf receiver...

CVSS 7.6 | AI score 6.8 | EPSS 0.00177
Exploits 0 | References 6
EUVD
added 2025/11/25 7:28 a.m., 4 views

EUVD-2025-199563

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...

CVSS 4.3 | AI score 5 | EPSS 0.00129
Exploits 0 | References 4
Vulnrichment
added 2025/11/25 7:28 a.m., 3 views

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

CVSS 4.3 | AI score 5.5 | EPSS 0.00198
Exploits 0 | References 3
Cvelist
added 2025/11/25 7:28 a.m., 5 views

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

CVSS 4.3 | EPSS 0.00198
Exploits 0 | References 4
EUVD
added 2025/11/24 6:31 a.m., 2 views

EUVD-2025-198620

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVSS 4.7 | AI score 6.2 | EPSS 0.00167
Exploits 0 | References 2
RedhatCVE
added 2025/11/22 8:35 a.m., 3 views

CVE-2025-13142

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

CVSS 4.3 | AI score 5.4 | EPSS 0.00106
Exploits 0 | References 1
CVE
added 2025/11/21 9:33 p.m., 19 views

CVE-2025-65092

ESP-IDF (Espressif IoT Development Framework) contains a vulnerability in the ESP32-P4 hardware JPEG decoder where the software JPEG parser lacks validation, allowing an out-of-bounds array access when processing crafted images. Affected versions are 5.5.1, 5.4.3, and 5.3.4; mitigations are fixes...

CVSS 6.9 | AI score 6.6 | EPSS 0.00313
Exploits 0 | References 5
Github Security Blog
added 2025/11/21 6:3 p.m., 11 views

MLX has Wild Pointer Dereference in load_gguf()

Summary: Segmentation fault in mlx::core::load_gguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7. Vulnerability Location: mlx/io/gguf.cp...

CVSS 7.5 | AI score 7.1 | EPSS 0.00328
Exploits 1 | References 4 | Affected Software 1
NVD
added 2025/11/21 8:15 a.m., 6 views

CVE-2025-13142

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

CVSS 4.3 | EPSS 0.00106
Exploits 0 | References 2
CVE
added 2025/11/21 7:31 a.m., 17 views

CVE-2025-13134

CVE-2025-13134: WordPress AuthorSure plugin (versions

CVSS 6.1 | AI score 5 | EPSS 0.00099
Exploits 0 | References 2
CNVD
added 2025/11/21 12:0 a.m., 2 views

WordPress Community Events plugin SQL Injection Vulnerability

WordPress Community Events plugin is an event management plugin on the WordPress platform, mainly used to create and display the event calendar, with support for AJAX dynamic loading and an event submission form. WordPress Community Events plugin suffers from a SQL injection vulnerability tha...

CVSS 7.5 | AI score 8.3 | EPSS 0.00283
Exploits 0 | References 1