Lucene search
K

303 matches found

Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.8 views

CVE-2025-39570 WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...

8.8CVSS7.2AI score0.00662EPSS
Exploits0References1
NVD
NVD
added 2025/04/07 9:15 a.m.21 views

CVE-2025-30473

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter which was a recommended pattern, Authenticated UI User could inject arbitrary SQL command...

8.8CVSS0.00833EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/05 12:34 a.m.19 views

CVE-2025-29504

Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification...

7.8CVSS7.1AI score0.00171EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.4 views

PT-2025-14803 · Unknown · Student-Manage

Name of the Vulnerable Software and Affected Versions: student-manage version 1 Description: The issue allows a local attacker to escalate privileges due to insecure permission verification. This is achieved through the unsafe permission verification process. Recommendations: For version 1,...

7.8CVSS6.6AI score0.00171EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.6 views

PT-2025-13671 · Legrand · Legrand Sms Powerview

Name of the Vulnerable Software and Affected Versions: Legrand SMS PowerView versions 1.x Description: A critical issue has been discovered, affecting an unknown functionality. The manipulation of the redirect argument leads to os command injection. The exploit has been publicly disclosed. There ...

5.5CVSS5.9AI score0.00878EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.6 views

Legrand SMS PowerView 安全漏洞

Legrand SMS PowerView is an intelligent power management system from Legrand SMS that allows users to remotely monitor and control power devices via SMS. A security vulnerability exists in Legrand SMS PowerView version 1.x. The vulnerability stems from the fact that incorrect operation of the...

6.5CVSS6.5AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/22 11:33 a.m.10 views

CVE-2024-4023

A stored cross-site scripting XSS vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...

8.1CVSS5.6AI score0.00746EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.3 views

CM Soluces Informatica Auto Atendimento 安全漏洞

CM Soluces Informatica Auto Atendimento is an application from CM Soluces Informatica, Inc. A security vulnerability exists in CM Soluces Informatica Auto Atendimento version 1.x.x, which originates from SQL injection...

9.8CVSS7.5AI score0.00458EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.12 views

CVE-2025-23505 WordPress Pit Login Welcome plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS.This issue affects Pit Login Welcome: from n/a through = 1.1.5...

7.1CVSS0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:18 p.m.6 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS5.8AI score0.00698EPSS
Exploits1References1
CVE
CVE
added 2024/12/20 7:48 p.m.94 views

CVE-2024-56331

CVE-2024-56331 affects Uptime Kuma’s real-browser monitor, enabling Local File Inclusion via file:/// URLs. The vulnerability arises from insufficient server-side validation of the URL input, allowing an authenticated user to trigger the browser to fetch and capture local files (e.g., /etc/passwd...

6.8CVSS6.5AI score0.01793EPSS
Exploits0References2
OSV
OSV
added 2024/12/12 2:3 a.m.7 views

AZL-54294 CVE-2024-47600 affecting package gstreamer1-plugins-base 1.20.0-3

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the formatchannelmask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the...

9.1CVSS6.7AI score0.01123EPSS
Exploits0References1
OSV
OSV
added 2024/10/19 10:15 a.m.5 views

CVE-2024-9897

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score0.00321EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/02 5:45 a.m.4 views

Malicious code in verida-tech-demos (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ded9af82932dfcd9a6021dbd383ebadc322bdfc63b8c68d1981537b14ab226b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/09/03 7:45 p.m.46 views

Pimcore includes vulnerable PHPOffice/PhpSpreadsheet

Summary Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability CVE-2024-45048. To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, pleas...

8.8CVSS6.8AI score0.0057EPSS
Exploits1References3Affected Software3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.532 views

SNMP Community Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...

6.9AI score0.27166EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/07/01 12:0 a.m.65 views

Debian dsa-5724 : openssh-client - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5724 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5724-1 [email protected] https://www.debian.org/security/...

8.1CVSS7.9AI score0.99506EPSS
Exploits68References4
CVE
CVE
added 2024/06/25 11:58 p.m.81 views

CVE-2024-5460

CVE-2024-5460 affects Brocade Fabric OS versions before 9.0.0, where a hard-coded, default SNMP community string in the SNMP daemon config enables an authenticated, remote attacker to read data from the device. Exploitation via SNMP v1 with the static community string is implied; the vulnerabilit...

8.1CVSS8AI score0.00542EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/22 12:0 a.m.34 views

Debian dla-3834 : libnetty-java - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] https://www.debian.org/lts/security/...

5.3CVSS6.4AI score0.0138EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.4 views

PT-2024-27696 · Trendnet · Trendnet Tew-814Dap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-814DAP version 1 FW1.01B01 Description: A stack overflow issue was discovered via the submit-url parameter at the "/formPasswordAuth" API endpoint. Recommendations: For TRENDnet TEW-814DAP version 1 FW1.01B01, avoid using the...

8.8CVSS7.2AI score0.00683EPSS
Exploits1References3
Rows per page
Query Builder