Lucene search
K

24 matches found

EUVD
EUVD
added 3 hours ago7 views

EUVD-2026-41784

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

7.2CVSS5.9AI score0.00652EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 10:0 a.m.3 views

CLEANSTART-2026-JW58725 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2x5j-vhc8-9cwm, ghsa-2xsj-vh29-9cwm, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-r6j8-c6r2-37rr applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.0.22-r0, 3.0.23-r0, 3.0.23-r1, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4

Multiple security vulnerabilities affect the argo-cd package. These issues are resolved in later releases. See references for individual vulnerability details...

9.9CVSS7.1AI score0.04518EPSS
Exploits3References46
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.5 views

CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

6.8CVSS5.4AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 4:16 p.m.14 views

CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

6.8CVSS0.00362EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 3:14 p.m.25 views

CVE-2026-23795 Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...

0.00827EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Eclipse Jersey 竞争条件问题漏洞

Eclipse Jersey is a Java Web services development framework from the Eclipse Foundation. A Competitive Conditions Issue vulnerability exists in Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, which stems from a competitive condition that could lead to the omission of critical SSL configurations,...

9.4CVSS6.1AI score0.00271EPSS
Exploits0References4
NVD
NVD
added 2025/07/16 11:15 a.m.15 views

CVE-2025-54039

Cross-Site Request Forgery CSRF vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through = 3.0.16...

4.3CVSS0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 10:36 a.m.11 views

CVE-2025-54039 WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through = 3.0.16...

4.3CVSS0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 10:36 a.m.2 views

CVE-2025-54039 WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through = 3.0.16...

4.3CVSS5.1AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.3 views

WordPress plugin Animator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reque...

4.3CVSS6.5AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:43 a.m.7 views

CVE-2019-1010207

Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting XSS. The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/he...

6.1CVSS6.6AI score0.01548EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/10/17 12:0 a.m.20 views

OpenSSL OOB Memory Access Vulnerability (20241016) - Linux

OpenSSL is prone to an out of bound OOB memory access vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS4.9AI score0.05966EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-33582

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16...

7.5CVSS6.7AI score0.0307EPSS
Exploits0References4
Prion
Prion
added 2021/09/24 6:15 p.m.28 views

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

4CVSS5.3AI score0.01171EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/07/23 2:15 p.m.4 views

CVE-2019-1010207

Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting XSS. The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/he...

6.1CVSS6.3AI score0.01548EPSS
Exploits0References3
CNVD
CNVD
added 2018/12/06 12:0 a.m.3 views

LOCKON EC-CUBE Open Redirect Vulnerability

LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Japan. The platform supports product login, user evaluation, aesthetic layout and so on. An open redirection vulnerability exists in LOCKON EC-CUBE versions 3.0.x through 3.0.16. An attacker can exploit this...

6.1CVSS6AI score0.01297EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/05/03 7:4 p.m.2 views

plexus-utils: Mishandled strings in Commandline class allow for command injection

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS5.8AI score0.06543EPSS
Exploits0References4
OSV
OSV
added 2017/10/24 6:33 p.m.21 views

GHSA-92W9-2PQW-RHJJ actionpack Improper Authentication vulnerability

The decodecredentials method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access...

5CVSS6AI score0.01905EPSS
Exploits1References7
Rows per page
Query Builder