Lucene search
K

114 matches found

CNNVD
CNNVD
added 2025/12/07 12:0 a.m.4 views

Sobey Media Convergence System 路径遍历漏洞

The Sobey Media Convergence System is a media convergence system from the Chinese company Sobey. A path traversal vulnerability exists in Sobey Media Convergence System versions 2.0 and 2.1, which can be caused by incorrect manipulation of the File parameter in the file...

9.8CVSS6.4AI score0.00385EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/05 5:31 a.m.6 views

EUVD-2025-201375

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

4.3CVSS4.9AI score0.00106EPSS
Exploits0References3
NVD
NVD
added 2025/11/25 8:15 a.m.14 views

CVE-2025-13386

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/12 7:32 p.m.3 views

CVE-2025-13058 soerennb eXtplorer Filename cross site scripting

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as...

5.1CVSS3.8AI score0.0025EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/06 3:55 p.m.13 views

CVE-2025-60207 WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through = 2.1.2...

10CVSS0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.3 views

Mercku M6a 安全特征问题漏洞

Mercku M6a is a WiFi router from Mercku USA. A security feature issue vulnerability exists in Mercku M6a version 2.1.0 and earlier, which stems from the authentication system's use of predictable session tokens based on timestamps, which could lead to authentication bypass...

3.1CVSS6.8AI score0.00178EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.12 views

PT-2025-41363

Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions up to and including 2.1.3 Description The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting...

7.5CVSS6.5AI score0.00361EPSS
Exploits0References11
NVD
NVD
added 2025/10/02 3:15 p.m.14 views

CVE-2025-61096

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter...

6.5CVSS0.0024EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.4 views

IBM Planning Analytics Local 安全漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13, which stems from improper input validation and could result in...

4.9CVSS4.4AI score0.00281EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 8:26 p.m.16 views

CVE-2025-59826

Flag Forge CT F platform (CVE-2025-59826) is affected in version 2.1.0 where non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. The issue is mitigated by upgrading to version 2.2.0. Connected sources consistently describe the vuln...

7.6CVSS6.6AI score0.00215EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/17 7:30 p.m.20 views

CVE-2025-59348 Dragonfly incorrectly handles a task structure’s usedTraffic field

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the AddTraffic method call, instead of the...

6.9CVSS0.00331EPSS
Exploits0References2
NVD
NVD
added 2025/09/05 7:15 p.m.7 views

CVE-2025-9057

The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/08/14 12:0 a.m.8 views

WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...

5.9CVSS6.9AI score0.0017EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/18 9:57 a.m.5 views

openjdk: Improve scripting supports (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

5.9CVSS7.2AI score0.00551EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.5 views

Drupal Commerce Eurobank (Redirect) 安全漏洞

Drupal Commerce Eurobank Redirect is a redirect banking tool for the Drupal community. A security vulnerability exists in Drupal Commerce Eurobank Redirect versions prior to 2.1.1, which stems from improper authorization and could lead to feature abuse...

8.8CVSS6.3AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/06/01 12:15 p.m.5 views

CVE-2025-25044

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.5AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/01 12:0 a.m.4 views

IBM Planning Analytics Local 路径遍历漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A path traversal vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from improperly restricted pathnames and could result in the deletion of files...

6.5CVSS6.2AI score0.00391EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:14 a.m.5 views

CVE-2024-30520

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS.This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1...

6.5CVSS8.6AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin Melapress File Monitor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.3AI score0.00271EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/10 12:0 a.m.7 views

ftcms 代码注入漏洞

ftcms is a content management system from ftcms Inc. A code injection vulnerability exists in version 2.1 of ftcms, which stems from an incorrect manipulation of the parameter title that could lead to a cross-site scripting attack...

4.8CVSS4.2AI score0.00289EPSS
Exploits1References6
Rows per page
Query Builder