Lucene search
K

11 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

6.5CVSS0.0039EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.16 views

CVE-2026-42378

CVE-2026-42378 concerns the WordPress plugin WP Full Stripe Free (versions

6.5CVSS5.2AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.13 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 7:29 p.m.35 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.7CVSS0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 7:27 p.m.36 views

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

4.8CVSS0.00218EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 10:23 p.m.13 views

Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/09/22 11:22 p.m.7 views

SUSE CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

9.8CVSS7.6AI score0.00391EPSS
Exploits1References3
OSV
OSV
added 2025/09/19 8:15 p.m.4 views

UBUNTU-CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

9.8CVSS5.9AI score0.00391EPSS
Exploits1References3
OSV
OSV
added 2024/10/01 9:15 a.m.7 views

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

9.8CVSS5.8AI score0.00575EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/07/14 12:0 a.m.8 views

PT-2021-3765 · Juniper Networks · Sbr Carrier

Name of the Vulnerable Software and Affected Versions: Juniper Networks SBR Carrier versions 8.4.1 through 8.4.1R18 Juniper Networks SBR Carrier versions 8.5.0 through 8.5.0R9 Juniper Networks SBR Carrier versions 8.6.0 through 8.6.0R3 Description: The issue is caused by a stack-based buffer...

9.8CVSS9.8AI score0.02314EPSS
Exploits0References3
CNVD
CNVD
added 2016/08/18 12:0 a.m.5 views

Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability

Cisco Adaptive Security Appliances ASA, Adaptive Security Appliances Software is a set of firewall appliances from Cisco USA. The device also includes IPS Intrusion Prevention System, SSL VPN, IPSec VPN, anti-spam and other features. A remote code execution vulnerability exists in the command-lin...

7.8CVSS8.3AI score0.22583EPSS
Exploits2References1
Rows per page
Query Builder