
32 matches found

RedhatCVE
added 2026/03/26 2:59 p.m. · 5 views

CVE-2026-2378

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

CVSS 7.4 · AI score 5.8 · EPSS 0.00173
Exploits: 0 · References: 1

NVD
added 2026/03/24 8:16 p.m. · 5 views

CVE-2026-32948

sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without...

CVSS 7.8 · EPSS 0.00304
Exploits: 1 · References: 4

ATTACKERKB
added 2026/03/24 6:48 p.m. · 5 views

CVE-2026-32948

sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without...

CVSS 6.7 · AI score 6.1 · EPSS 0.00304
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2026/03/24 6:48 p.m. · 5 views

CVE-2026-32948 sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows

sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without...

CVSS 6.7 · AI score 6 · EPSS 0.00304
Exploits: 1 · References: 6

CVE
added 2026/03/24 6:48 p.m. · 20 views

CVE-2026-32948

CVE-2026-32948 affects sbt on Windows: when resolving VCS dependencies, sbt uses Process("cmd", "/c", ...), passing a user-controlled URI fragment (branch/tag/revision) without validation. Because cmd /c treats special characters (&, |, ;) as separators, a crafted fragment can inject and execute ...

CVSS 7.8 · AI score 6.1 · EPSS 0.00304
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2026/03/20 9:16 p.m. · 22 views

CVE-2026-2378 Address bar spoofing risk in ArcSearch on Android

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

CVSS 7.4 · EPSS 0.00173
Exploits: 0 · References: 1

CVE
added 2026/03/20 9:16 p.m. · 10 views

CVE-2026-2378

ArcSearch for Android versions prior to 1.12.7 is affected by an address bar spoofing issue. The browser could display a different domain in the address bar than the actual content after user interaction with crafted web content. Affected product: ArcSearch on Android, versions

CVSS 7.4 · AI score 5.8 · EPSS 0.00173
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/12/05 6:15 p.m. · 6 views

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 5.5 · EPSS 0.00125
Exploits: 0 · References: 4

EUVD
added 2025/12/05 5:26 p.m. · 4 views

EUVD-2025-201466

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 3.3 · AI score 6.2 · EPSS 0.00125
Exploits: 0 · References: 4

Positive Technologies
added 2025/12/05 12:0 a.m. · 5 views

PT-2025-49297

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.12.7; Nextcloud Deck versions prior to 1.14.4; Nextcloud Deck versions prior to 1.15.1. Description: Nextcloud Deck is a kanban style organization tool for personal planning and project organization integrated wi...

CVSS 5.5 · AI score 6.5 · EPSS 0.00125
Exploits: 0 · References: 10

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2014-4833

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.02313
Exploits: 0 · References: 9

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-5974

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.00992
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 8:49 a.m. · 3 views

CVE-2024-32827

Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass. This issue affects Giveaways and Contests: from n/a through 1.12.7...

CVSS 5.3 · AI score 7 · EPSS 0.00385
Exploits: 0 · References: 1

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

Kuku FM security vulnerability

Kuku FM is an audiobook audio software from Kuku FM Inc. A security vulnerability exists in Kuku FM v1.12.7, which stems from the android:allowBackup=true setting and could lead to an attacker accessing sensitive plaintext data...

CVSS 7.5 · AI score 5.9 · EPSS 0.00655
Exploits: 2 · References: 4

CNNVD
added 2024/05/17 12:0 a.m. · 2 views

WordPress plugin Giveaways and Contests security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 · AI score 6.7 · EPSS 0.00385
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/17 12:0 a.m. · 3 views

PT-2024-24902 · Unknown · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: RafflePress Giveaways and Contests versions 1.12.7 and earlier Description: The issue is an Authentication Bypass by Spoofing vulnerability that allows Functionality Bypass. Recommendations: For versions 1.12.7 and earlier, update to a versio...

CVSS 5.3 · AI score 6.5 · EPSS 0.00385
Exploits: 0 · References: 5

Patchstack
added 2024/04/22 4:25 p.m. · 4 views

WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability

IP Restriction Bypass vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin Giveaways and Contests by RafflePress versions <= 1.12.7...

CVSS 5.3 · AI score 7 · EPSS 0.00385
Exploits: 0 · Affected Software: 1

OSV
added 2023/11/15 11:15 p.m. · 9 views

CVE-2023-4689

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

CVSS 4.3 · AI score 5.7
Exploits: 0 · References: 3

OSV
added 2023/11/15 11:15 p.m. · 4 views

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

CVSS 4.3 · AI score 7.2 · EPSS 0.00298
Exploits: 0 · References: 3

CNNVD
added 2023/11/15 12:0 a.m. · 3 views

WordPress plugin Elementor Addon Elements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 5.3 · AI score 6.5 · EPSS 0.00927
Exploits: 0 · References: 4