Lucene search
K

13 matches found

EUVD
EUVD
added 2026/05/08 3:56 p.m.9 views

EUVD-2026-28807

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

6.1CVSS5.9AI score0.00247EPSS
Exploits1References2
NVD
NVD
added 2025/11/06 6:15 a.m.7 views

CVE-2025-12560

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

4.3CVSS0.00195EPSS
Exploits0References2
NVD
NVD
added 2025/10/18 7:15 a.m.7 views

CVE-2025-10006

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References2
OSV
OSV
added 2025/09/29 5:53 p.m.5 views

GHSA-H7RH-XFPJ-HPCM MinIO Java Client XML Tag Value Substitution Vulnerability

Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...

8.7CVSS6.6AI score0.00458EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.7 views

CVE-2024-53554

A Client-Side Template Injection CSTI vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details...

8CVSS8.2AI score0.00708EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 2:52 p.m.7 views

CVE-2025-31852 WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

4.3CVSS7.2AI score0.00158EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.4 views

PT-2025-2959 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote authenticated attackers with low privileges to perform various unauthorized actions. This includes adding an admin...

8.8CVSS6.7AI score0.0053EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

Curl 安全漏洞

Curl is a tool for transferring data from or to a server. A security vulnerability exists in Curl versions 8.6.0 through 8.6.0 that stems from the fact that libcurl skips certificate validation for QUIC connections under certain conditions when using WolfSSL...

6.3CVSS6.6AI score0.01709EPSS
Exploits1References6
OSV
OSV
added 2022/03/16 6:16 a.m.5 views

SUSE-FU-2022:0868-1 Feature update for tcl and tk

This feature update for tcl and tk fixes the following issues: Update tcl and tk to version 8.6.12 jscSLE-21016, jscSLE-23284: - Move tcl.macros to /usr/lib/rpm/macros.d bsc1185662 - Use FAT LTO objects in order to provide proper static library bsc1138797 - Fix a bug in itcl that was affecting...

7.8CVSS8.2AI score0.01639EPSS
Exploits1References6
CNVD
CNVD
added 2020/04/16 12:0 a.m.2 views

Unspecified Vulnerability in Oracle Knowledge (CNVD-2020-26992)

Oracle Knowledge is a complete knowledge management solution that provides personalized and seamless cross-channel service and support. A security vulnerability exists in the InQuira Search component in Oracle Knowledge 8.6.0-8.6.3. An attacker could exploit the vulnerability to cause a denial of...

5.9CVSS8.3AI score0.01446EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/09/30 12:0 a.m.4 views

PT-2019-16903 · Ibm · Ibm Websphere Extreme Scale

Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system, potentially leading to information disclosure. Recommendations: For IBM WebSphere...

4CVSS4.1AI score0.0034EPSS
Exploits0References3
CNVD
CNVD
added 2018/01/25 12:0 a.m.6 views

IBM Business Process Manager Cross-Site Request Forgery Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site request forgery vulnerability exists in...

8.8CVSS6.8AI score0.0097EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/22 12:0 a.m.7 views

Multiple Cross-Site Request Forgery Vulnerabilities in Cisco Unified MeetingPlace Server

Cisco Unified MeetingPlace conferencing solutions allow organizations to host integrated voice, video, and web conferences. Multiple cross-site request forgery vulnerabilities exist in the API functionality in Cisco Unified MeetingPlace version 8.6 1.9, which can be exploited by a remote attacker...

6.8CVSS7.3AI score0.01287EPSS
Exploits0References1
Rows per page
Query Builder