Lucene search
+L

292 matches found

Nuclei
Nuclei
added yesterday66 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS5.2AI score0.02362EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 3:44 a.m.5 views

EUVD-2026-43141

The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.6 views

SUSE SLED15: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2026:2835-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2835-1 advisory. This update for clamav fixes the following issues - CVE-2026-20213: PE file format parser could allow an...

9.2CVSS6.2AI score0.00463EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.11 views

SUSE SLES15: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2026:2834-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2834-1 advisory. This update for clamav fixes the following issues - CVE-2026-20213: PE file format parser could allow an unauthenticated, remote...

9.2CVSS6.2AI score0.00463EPSS
Exploits0References25
OSV
OSV
added 2026/07/07 4:57 p.m.3 views

SUSE-SU-2026:22574-1 Security update for clamav

This update for clamav fixes the following issues: Update to version 1.5.3. Security issues fixed: - CVE-2026-20213: out-of-bounds write due to improper boundary checks for content in PE files during scanning bsc1270107. - CVE-2026-20214: out-of-bounds write due to improper boundary checks for...

9.2CVSS6.2AI score0.00463EPSS
Exploits0References17
CVE
CVE
added 2026/06/26 2:52 p.m.16 views

CVE-2025-63079

CVE-2025-63079 concerns the WordPress plugin Live Copy Paste for Elementor (versions

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52711

Name of the Vulnerable Software and Affected Versions Live Copy Paste for Elementor versions prior to 1.5.4 Description Broken access control allows users with the Contributor role to perform unauthorized actions. Recommendations Update Live Copy Paste for Elementor to version 1.5.4 or later...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36920

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:17 p.m.19 views

CVE-2026-34898

The CVE-2026-34898 entry concerns the WordPress plugin “Event Tickets Manager for WooCommerce” (versions &lt;= 1.5.3). It describes Unauthenticated Broken Access Control, with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, base score 7.5 (HIGH). The vulnerability impacts integrity (...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49365

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35608

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

6.1CVSS5.4AI score0.00187EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Grunt

The file.copy operations in GruntJS are vulnerable to a TOCTOU race condition, which can lead to arbitrary file writes in the GitHub repository gruntjs/grunt before version 1.5.3. This vulnerability allows for arbitrary file writes that can lead to local privilege escalation to the GruntJS user...

7.8CVSS7AI score0.00299EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 5:16 p.m.6 views

CVE-2026-35608

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

6.1CVSS0.00187EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/07 4:35 p.m.3 views

CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS5.9AI score0.00187EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 4:35 p.m.16 views

CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS0.00187EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/07 4:35 p.m.7 views

EUVD-2026-19784

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS5.9AI score0.00187EPSS
Exploits1References2
OSV
OSV
added 2026/04/07 4:35 p.m.2 views

CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS6AI score0.00187EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30909

Name of the Vulnerable Software and Affected Versions QuickDrop versions prior to 1.5.3 Description QuickDrop, a file sharing application, contains a stored cross-site scripting XSS issue in the file preview functionality. The application allows the upload of SVG files via the...

5.3CVSS5.6AI score0.00187EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/04 10:54 p.m.6 views

CVE-2026-28798

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...

10CVSS5.8AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.4 views

CVE-2026-34745

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

9.1CVSS6AI score0.00621EPSS
Exploits1References1
Rows per page
Query Builder