Lucene search
+L

17 matches found

Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 9:37 a.m.3 views

CLEANSTART-2026-PE63912 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1

Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.02307EPSS
Exploits3References30
Cvelist
Cvelist
added 2025/11/24 7:30 a.m.15 views

CVE-2025-13596 Improper Error Handling Leading to Sensitive Information Disclosure in CIGES ≤ 2.15.6

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...

6.9CVSS0.00341EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/20 8:3 a.m.4 views

CVE-2025-47650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from n/a through = 2.15.06...

6.5CVSS5.2AI score0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/03 12:0 a.m.6 views

XWiki Contrib Mocca Calendar Application 跨站脚本漏洞

XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the title of the View Events page...

6.4CVSS6AI score0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/03 12:0 a.m.4 views

XWiki Contrib Mocca Calendar Application 跨站脚本漏洞

XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the background or text color fields...

6.4CVSS6AI score0.00238EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.4 views

ARM SCP-Firmware 安全漏洞

ARM SCP-Firmware is a firmware driver from ARM UK. A security vulnerability exists in ARM SCP-Firmware version 2.15.0 and earlier, which stems from a specially crafted SCMI message that causes the SCP to experience a Usage Fault and crash...

5.3CVSS6.5AI score0.00381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-1703

Name of the Vulnerable Software and Affected Versions SCP-Firmware versions up to and including 2.15.0 Description Specifically crafted SCMI messages sent to an SCP may lead to a Usage Fault and crash the SCP. Recommendations For SCP-Firmware versions up to and including 2.15.0, consider...

5.3CVSS6.5AI score0.00381EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/12/24 3:54 p.m.4 views

WordPress Tourfic plugin <= 2.15.3 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Thái An Thái An in WordPress Plugin Tourfic versions = 2.15.3...

6.5CVSS8.1AI score0.00514EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/29 5:18 a.m.6 views

WordPress Crypto plugin <= 2.15 - Cross-Site Request Forgery to Authentication Bypass vulnerability

Cross-Site Request Forgery to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Crypto versions = 2.15...

8.8CVSS7AI score0.00266EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/06 8:15 p.m.1 views

DEBIAN-CVE-2024-33602

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

7.4CVSS6.2AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.3 views

glibc 安全漏洞

glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc version 2.15, which stems from a potential stack-based buffer overflow if the fixed-size cache of the Name Service Cache Daemon nscd is exhausted...

8.1CVSS7.2AI score0.0131EPSS
Exploits0References6
OSV
OSV
added 2024/05/02 5:15 p.m.5 views

CVE-2024-1396

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00414EPSS
Exploits0References4
NCSC
NCSC
added 2021/12/10 12:0 a.m.11 views

Vulnerability fixed in Apache Log4j2

A serious vulnerability has been fixed in Apache Log4j, a java log tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...

10CVSS7.5AI score0.99999EPSS
Exploits355
Positive Technologies
Positive Technologies
added 2020/05/06 12:0 a.m.9 views

PT-2020-15397 · Jenkins · Jenkins Cas Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CVS Plugin versions 2.15 and earlier Description: A cross-site request forgery issue allows attackers to create and manipulate tags, and to connect to an attacker-specified URL, by exploiting HTTP endpoints that do not require POST...

4.3CVSS4.5AI score0.44464EPSS
Exploits0References7
CNVD
CNVD
added 2018/03/07 12:0 a.m.5 views

Juniper AppFormix Elevation of Privilege Vulnerability

Juniper AppFormix is a Juniper Networks optimization and management software platform for public, private and hybrid clouds. A security vulnerability exists in Juniper AppFormix version 2.7, version 2.11 prior to 2.11.3, and version 2.15 prior to 2.15.2. An attacker could exploit the vulnerabilit...

9.8CVSS7.2AI score0.01074EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.9 views

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities in the glibc package up to version 2.15-r3 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

6.9CVSS6.7AI score0.14323EPSS
Exploits29References12Affected Software1
Rows per page
Query Builder