27 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the API contact filtering due to insufficient recursive sanitization of nested query parameters. An attacker can execute arbitrary SQL commands and potentially access sensitive data or disrupt database integrity by...
Astra Linux - vulnerability in redis
A heap overflow issue was discovered in Redis versions prior to 5.0.10, before 6.0.9, and before 6.2.0, when using a heap allocator other than jemalloc or glibc’s malloc function. This issue could lead to out-of-bound writing or the crash of the process. Essentially, this flaw does not affect the...
WordPress Plugin AdForest Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin AdForest 6.0.9 and prior versions, which stems from...
CVE-2025-8359
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...
CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...
WordPress AdForest Theme <= 6.0.9 is vulnerable to Broken Authentication
Software: AdForest; Type: Theme; Vulnerable versions: = 6.0.9; Fixed in: 6.0.10; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-8359; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: f086df38edf9; Credits: Tonn; Required...
CVE-2024-13695 Enfold <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
WordPress plugin Essential Addons for Elementor Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter...
Sentry Security Vulnerability
Sentry is an open source bug tracking and performance monitoring platform for developers from Sentry. A security vulnerability exists in Sentry version v.6.0.9. An attacker can exploit the vulnerability to execute arbitrary code via the z parameter...
PT-2024-11049 · WordPress · Google Language Translator
Name of the Vulnerable Software and Affected Versions: Google Language Translator plugin for WordPress versions up to, and including, 6.0.9 Description: The issue is related to Reflected Cross-Site Scripting via multiple parameters due to insufficient input sanitization and output escaping. This...
ThinkCMF Security Vulnerability
ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.9, which stems from a file upload vulnerability in UeditorController.php...
CVE-2024-22889
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...
GSD-2022-1007792 drm/amdkfd: handle CPU fault on COW mapping
drm/amdkfd: handle CPU fault on COW mapping This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...
GSD-2022-1007783 net: tun: call napi_schedule_prep() to ensure we own a napi
net: tun: call napi_schedule_prep() to ensure we own a napi This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...
PT-2022-36057 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue is related to a wrong reg type conversion in the release reference function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-36035 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue is related to an error handling path in the mctp init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior ...
PT-2022-36012 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: A potential memory leak issue was identified in the 'add widget node' function of the ALSA hda module. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
PT-2022-36056 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue is related to a potential panic on frag list with mixed head alloc types in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
Linux kernel Resource Management Error Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.0.9 and earlier, which is caused by a use-after-free in its drivers/media/dvb-core/dvbdev.c component...