Lucene search
K

109 matches found

RedhatCVE
RedhatCVE
added 2026/01/01 3:32 p.m.6 views

CVE-2025-62081

Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through =...

5.3CVSS5.9AI score0.00214EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Carousel Slider plugin <= 2.2.14 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel Slider versions = 2.2.14...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

WordPress plugin Import into Easy Property Listings 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is ...

4.3CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

WordPress plugin WP Telegram Widget and Join Link 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

5.3CVSS6.6AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52122

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through = 2.2.0...

7.1AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.4 views

CVE-2025-67543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...

6.5CVSS6AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:22 p.m.2 views

CVE-2025-67550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

6.5CVSS6AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.2 views

CVE-2025-67550 WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

6.5CVSS5.6AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 11:15 p.m.7 views

CVE-2025-65947

thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...

8.7CVSS0.00303EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 4:15 a.m.4 views

CVE-2025-11168

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to eleva...

8.8CVSS0.00309EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/31 11:42 a.m.2 views

CVE-2025-64358 WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through = 2.2.3...

4.3CVSS6.6AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/10/29 9:15 a.m.6 views

CVE-2025-64289

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.5...

5.9CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28174

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-32059

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00448EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31051

Malicious code in bioql PyPI...

8.2CVSS8.3AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-21691

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01635EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-31437

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00611EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/25 8:49 p.m.6 views

CVE-2025-59827

Flag Forge is a Capture The Flag CTF platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges e.g., Staff to themselves. This could lead to privilege escalation and impersonation of administrative...

8.2CVSS6.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.3 views

CVE-2025-57987

Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through = 2.2.1...

5.3CVSS5.9AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 8:26 p.m.16 views

CVE-2025-59826

Flag Forge CT F platform (CVE-2025-59826) is affected in version 2.1.0 where non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. The issue is mitigated by upgrading to version 2.2.0. Connected sources consistently describe the vuln...

7.6CVSS6.6AI score0.00215EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder