Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References3
Patchstack
Patchstack
added last week4 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - File Uploads = 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion vulnerability discovered by Ad4m5 in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week38 views

CVE-2026-13369 Ninja Forms - File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attachfiles function in versions up to, and including, 3.3.29. This is due to the getfilesforattachment function accepting a raw attacker-controlled 'files' array when the process method returns early...

7.5CVSS0.00522EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8027

Malware in sbrugna...

7.5CVSS7.4AI score0.03079EPSS
Exploits0References13
OSV
OSV
added 2024/03/06 10:58 a.m.58 views

BIT-NEOS-2022-30429

Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...

5.4CVSS5.5AI score0.00564EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.30 views

Neos 跨站脚本漏洞

Neos/forms is an open source framework for building web forms. A security vulnerability exists in Neos CMS versions 3.3.29 and 8.0.1, which stems from the presence of multiple cross-site scripting vulnerabilities...

5.4CVSS5.4AI score0.00564EPSS
Exploits1References3
CNVD
CNVD
added 2019/11/01 12:0 a.m.2 views

Advantech WISE-PaaS/RMM XML External Entity Injection Vulnerability

Advantech WISE-PaaS/RMM is an IoT device remote monitoring and management platform. An XML External Entity Injection XXE vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier versions. An attacker can exploit this vulnerability to obtain sensitive data...

7.5CVSS7.2AI score0.03079EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/01 12:0 a.m.2 views

Advantech WISE-PaaS/RMM Path Traversal Vulnerability

Advantech WISE-PaaS/RMM is an IoT device remote monitoring and management platform. A path traversal vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier versions. The vulnerability stems from failure to properly validate a user-supplied path before using it for file operations. An...

10CVSS7.4AI score0.04907EPSS
Exploits0References1
Rows per page
Query Builder