Lucene search
K

26 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-4178

Malware in sbrugna...

5.5CVSS5.5AI score0.00422EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24741

Malicious code in bioql PyPI...

8.5CVSS6.5AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 11:56 p.m.5 views

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6.3AI score0.00498EPSS
Exploits0References5
CVE
CVE
added 2025/09/04 11:56 p.m.56 views

CVE-2025-58362

Hono web framework (versions 4.8.0–4.9.5) contains a flaw in the getPath utility (parsing in utils/url.ts) that can cause path confusion when handling certain malformed absolute-form Request-URIs, potentially bypassing proxy-level ACLs (e.g., Nginx location blocks). The root cause is reliance on ...

7.5CVSS6.1AI score0.00498EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/08/14 11:15 a.m.3 views

CVE-2025-30998

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects WP Links Page: from n/a through = 4.9.6...

8.5CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.14 views

CVE-2025-30998

CVE-2025-30998 affects WordPress WP Links Page (versions up to 4.9.6). Root cause: improper neutralization of special elements in SQL commands, enabling SQL injection. Impact per available data: potential high confidentiality impact and low availability impact (CVSS 3.1 base 8.5). Public document...

8.5CVSS5.9AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.3 views

WordPress plugin WP Links Page SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP Links...

8.5CVSS7.5AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/19 12:59 p.m.15 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

6.4CVSS6.7AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2025/05/17 11:17 a.m.56 views

CVE-2025-3527

CVE-2025-3527 concerns the EventON Pro WordPress plugin (WordPress Virtual Event Calendar Plugin) up to version 4.9.6. The issue is a missing capability check in assets/lib/settings/settings.js that allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scri...

6.4CVSS6.2AI score0.00179EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/29 6:18 p.m.12 views

CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

6.5CVSS6.7AI score0.00763EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/11/02 12:0 a.m.7 views

WordPress ChatBot Plugin 4.8.6-4.9.6 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.8.6-4.9.6 Fixed in 4.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5606 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5c671cd5cf6e Credits Huynh Tien Si Required...

4.8CVSS5.8AI score0.0032EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/06 9:15 p.m.4 views

GHSA-X3CQ-8F32-5F63 Apache RocketMQ may have remote code execution vulnerability when using update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8CVSS7.5AI score0.96604EPSS
Exploits11References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.5 views

SUSE CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...

5.4CVSS6.6AI score0.03392EPSS
Exploits0References38
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.2 views

SUSE CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query...

9.8CVSS9.6AI score0.67081EPSS
Exploits1References5
Gentoo Linux
Gentoo Linux
added 2021/01/27 12:0 a.m.63 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...

9.8CVSS2.5AI score0.67081EPSS
Exploits1
OSV
OSV
added 2020/10/16 12:23 p.m.8 views

OPENSUSE-SU-2020:1675-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues: - phpMyAdmin was updated to 4.9.6 CVE-2020-26934: Fixed an XSS relating to the transformation feature boo1177561. CVE-2020-26935: Fixed an SQL injection in SearchController boo1177562...

9.8CVSS8.1AI score0.67081EPSS
Exploits1References5
CNVD
CNVD
added 2019/06/19 12:0 a.m.1 views

Stored Cross-Site Scripting Vulnerability in CatFishCMS V4.9.6

CatfishCMS is an open source content management system CMS written in PHP. A stored cross-site scripting vulnerability exists in CatFishCMS V4.9.6. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...

6.3AI score
Exploits0
OSV
OSV
added 2019/04/09 4:29 p.m.1 views

DEBIAN-CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...

5.4CVSS8.2AI score0.03392EPSS
Exploits0References1
CVE
CVE
added 2019/03/17 7:11 p.m.62 views

CVE-2018-18435

KioWare Server

7.8CVSS7.6AI score0.01375EPSS
Exploits5References5Affected Software1
CNVD
CNVD
added 2019/01/09 12:0 a.m.5 views

KioWare Server Elevation of Privilege Vulnerability

KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare Server 4.9.6 and prior versions. An attacker can exploit this vulnerability by replacing the KWSService service...

7.8CVSS6.8AI score0.01375EPSS
Exploits5References1
Rows per page
Query Builder