1395 matches found

NVD
added 2025/11/11 4:15 a.m. | 8 views

CVE-2025-12588

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVSS 4.3 | EPSS 0.00131
Exploits 0 | References 3
Positive Technologies
added 2025/11/11 12:00 a.m. | 5 views

PT-2025-46333

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'...

CVSS 5.1 | AI score 7.3 | EPSS 0.00141
Exploits 0 | References 2
CNNVD
added 2025/11/11 12:00 a.m. | 3 views

WordPress plugin USB Qr Code Scanner For Woocommerce cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3 | AI score 6.5 | EPSS 0.00131
Exploits 0 | References 3
VulnCheck KEV
added 2025/11/10 12:00 a.m. | 3 views

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

CVSS 9.8 | AI score 6 | EPSS 0.03054
In the wild | Exploits 2 | References 80
Positive Technologies
added 2025/11/10 12:00 a.m. | 6 views

PT-2025-46154

Vulnerable software and affected versions: JetBrains YouTrack versions prior to 2025.3.104432. Description: The issue concerns missing TLS certificate validation in JetBrains YouTrack. This lack of validation disables proper verification of server certificates when establishing TLS...

CVSS 8.1 | AI score 6.5 | EPSS 0.002
Exploits 0 | References 8
EUVD
added 2025/11/08 12:30 p.m. | 4 views

EUVD-2025-38370

The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcontactattributeimport function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above...

CVSS 7.2 | AI score 6.8 | EPSS 0.0047
Exploits 0 | References 3
RedhatCVE
added 2025/11/08 12:55 a.m. | 12 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

CVSS 6.5 | AI score 6.8 | EPSS 0.00281
Exploits 1 | References 1
EUVD
added 2025/11/07 6:30 p.m. | 4 views

EUVD-2025-38261

AstrBot has an arbitrary file read vulnerability in function encodeimagebs64...

AI score 6.5 | EPSS 0.00281
Exploits 1 | References 3
RedhatCVE
added 2025/11/07 1:46 p.m. | 4 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

CVSS 6.8 | AI score 6.7 | EPSS 0.00112
Exploits 1 | References 1
CNNVD
added 2025/11/07 12:00 a.m. | 4 views

Onlook security vulnerability

Onlook is a source code visual editing tool from the Onlook open-source project. A security vulnerability exists in Onlook version 0.2.32, which stems from the API not validating the ownership or membership of the current authenticated user for the requested item ID, potentially resulting in compromised...

CVSS 7.6 | AI score 6.9 | EPSS 0.0026
Exploits 1 | References 2
Github Security Blog
added 2025/11/06 9:31 p.m. | 7 views

MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package did not perform hostname validation, resulting in a possible man-in-the-middle (MITM) attack...

CVSS 7.4 | AI score 6.6 | EPSS 0.00313
Exploits 0 | References 5 | Affected software 1
RedhatCVE
added 2025/11/06 9:07 p.m. | 5 views

CVE-2025-12790

A flaw was found in Rubygem MQTT. By default, the package did not perform hostname validation, resulting in a possible man-in-the-middle (MITM) attack. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVSS 7.4 | AI score 6.1 | EPSS 0.00313
Exploits 0 | References 4
NVD
added 2025/11/06 4:15 a.m. | 7 views

CVE-2025-10691

The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | EPSS 0.00108
Exploits 0 | References 2
OSV
added 2025/11/05 7:16 p.m. | 5 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

CVSS 6.8 | AI score 5.8 | EPSS 0.00112
Exploits 1 | References 2
OSV
added 2025/11/05 6:15 p.m. | 4 views

CVE-2025-56231

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections...

CVSS 9.1 | AI score 5.8 | EPSS 0.0022
Exploits 1 | References 2
RedhatCVE
added 2025/11/05 5:08 a.m. | 4 views

CVE-2025-12416

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

CVSS 6.1 | AI score 4.6 | EPSS 0.00123
Exploits 0 | References 1
RedhatCVE
added 2025/11/05 5:08 a.m. | 3 views

CVE-2025-12188

The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...

CVSS 4.3 | AI score 5.3 | EPSS 0.00108
Exploits 0 | References 1
Cvelist
added 2025/11/05 12:00 a.m. | 10 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

EPSS 0.00112
Exploits 1 | References 2
CNVD
added 2025/11/05 12:00 a.m. | 2 views

Simple Online Hotel Reservation System Code Issue Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System has a code issue vulnerability that stems from a lack of proper validation of uploaded files by the Photo Handler component in file /admin/editroom.php. An attacker can use th...

CVSS 7.2 | AI score 7.3 | EPSS 0.00387
Exploits 1 | References 1
Positive Technologies
added 2025/11/05 12:00 a.m. | 4 views

PT-2025-45152

Vulnerable software and affected versions: GOG Galaxy version 2.0.0.2. Description: GOG Galaxy version 2.0.0.2 is susceptible to a missing SSL certificate validation issue. An attacker with control over the local network, DNS, or a proxy can conduct a man-in-the-middle (MitM) attack. This...

CVSS 6.8 | AI score 6.1 | EPSS 0.00112
Exploits 1 | References 5