Lucene search
+L

92 matches found

OSV
OSV
added 2025/04/24 7:21 a.m.7 views

BIT-PHPMYADMIN-2025-24529

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...

6.4CVSS5.8AI score0.00393EPSS
Exploits0References3
NVD
NVD
added 2025/04/14 8:15 a.m.15 views

CVE-2025-31344

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...

7.3CVSS0.00249EPSS
Exploits0References10
OSV
OSV
added 2025/04/14 8:15 a.m.7 views

ALPINE-CVE-2025-31344

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...

7.3CVSS7.1AI score0.00249EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/03/29 3:2 a.m.4 views

SUSE CVE-2025-30204

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.8AI score0.00693EPSS
Exploits0References22
Snyk
Snyk
added 2025/03/21 10:4 p.m.6 views

Asymmetric Resource Consumption (Amplification)

Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...

8.7CVSS6.8AI score0.00693EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/03/21 9:42 p.m.26 views

CVE-2025-30204

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.6AI score0.00693EPSS
Exploits0
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.6 views

WordPress plugin WP Activity Log 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS7.6AI score0.01324EPSS
Exploits0References6
OSV
OSV
added 2025/01/23 6:31 a.m.8 views

GHSA-222V-CX2C-Q2F5 phpMyAdmin XSS when checking tables

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...

6.4CVSS6AI score0.00403EPSS
Exploits0References5
OSV
OSV
added 2025/01/23 6:15 a.m.8 views

CVE-2025-24529

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...

6.2AI score
Exploits0References1
NVD
NVD
added 2025/01/23 6:15 a.m.12 views

CVE-2025-24530

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...

6.4CVSS0.00403EPSS
Exploits0References2
OSV
OSV
added 2025/01/23 6:15 a.m.3 views

UBUNTU-CVE-2025-24529

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...

6.4CVSS5.7AI score0.00393EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/01/23 12:0 a.m.9 views

CVE-2025-24530

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...

6.4CVSS8.1AI score0.00403EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/07 12:0 a.m.9 views

PT-2024-17356 · WordPress · 워드프레스 결제 심플페이 – 우커머스 결제 플러그인

Name of the Vulnerable Software and Affected Versions: 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress versions up to, and including, 5.2.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

6.1CVSS6.7AI score0.0036EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.4 views

PT-2024-27369 · Woocommerce · Woocommerce Customers Order History

Name of the Vulnerable Software and Affected Versions: WooCommerce Customers Order History versions through 5.2.2 Description: The issue is related to a Missing Authorization vulnerability in WooCommerce Customers Order History, allowing exploitation of incorrectly configured access control...

4.3CVSS7.2AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2024/06/04 3:15 p.m.5 views

CVE-2024-35651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.2 views

Xiamen Four-Faith RMP Router Management Platform SQL注入漏洞

Xiamen Four-Faith RMP Router Management Platform is an online chat system from Xiamen Four-Faith, China. A SQL injection vulnerability exists in Xiamen Four-Faith RMP Router Management Platform version 5.2.2, which stems from an incorrect operation of the parameter groupId that can lead to sql...

6.5CVSS7.3AI score0.0043EPSS
Exploits0References5
OSV
OSV
added 2023/10/06 8:43 p.m.25 views

GHSA-622H-H2P8-743X JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

Impact A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....

9.4CVSS5.5AI score0.00461EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.11 views

WordPress Forms to Sendinblue Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Forms to Sendinblue Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 455e2c223c64 Credits Rafie Muhammad Patchstack...

6.5AI score0.00284EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/27 12:0 a.m.9 views

PT-2022-25553 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.1 Description: The issue concerns Incorrect Access Control in Zammad's asset handling mechanism. This mechanism is designed to prevent customer users from accessing personal information of other users. However, the logic wa...

6.5CVSS6.3AI score0.00669EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.8 views

Parse Server 信任管理问题漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A trust management issue vulnerability exists in versions of Parse Server prior to 5.2.2 that stems from an unvalidated certificate in the Apple Game Center authentication adapter, which can be...

8.6CVSS7.5AI score0.00824EPSS
Exploits0References5
Rows per page
Query Builder