Lucene search
K

23 matches found

CVE
CVE
added 2026/06/21 5:30 a.m.20 views

CVE-2026-12780

AOMEI Backupper Kernel Driver amwrtdrv.sys (library within the Kernel Driver) up to version 8.3.0 is affected. The vulnerability enables local privilege escalation via improper access control in amwrtdrv.sys. Exploitation is local and reportedly has public disclosure; no exploit vector details ar...

8.5CVSS6.5AI score0.00111EPSS
Exploits0References5
NVD
NVD
added 2026/01/22 5:15 p.m.3 views

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

4.3CVSS0.00133EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/11/25 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-6389

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeitarticlespaginationcallback function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for...

9.8CVSS6.1AI score0.43399EPSS
In wildExploits3References3
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.3 views

Snipe-IT 安全漏洞

Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT version v8.3.4, which stems from the presence of reflective cross-site scripting in the CSV import workflow, which could lead to the execution of arbitrary...

6.1CVSS6.1AI score0.00215EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.6 views

CVE-2025-13196

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

5.4CVSS4.9AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2025/11/05 4:15 p.m.4 views

CVE-2025-63601

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands...

9.9CVSS8.3AI score0.00587EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/03 6:31 p.m.13 views

tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS7.9AI score0.00238EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/03/03 6:15 p.m.9 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS0.00238EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/16 12:0 a.m.5 views

Shenzhen Guoxin Synthesis Image System Security Vulnerability

Shenzhen Guoxin Synthesis image system is an image system from Shenzhen Guoxin Synthesis, a company based in Shenzhen, China. A security vulnerability exists in Shenzhen Guoxin Synthesis Image System versions prior to 8.3.0 that originates from allowing unauthorized user information to be retriev...

7.5CVSS6.4AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.4 views

PT-2024-21028 · Unknown · Livemesh Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Livemesh Addons for Elementor versions n/a through 8.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

6.5CVSS9.1AI score0.00317EPSS
Exploits0References7
OSV
OSV
added 2023/05/11 10:15 p.m.2 views

CVE-2023-29276

Adobe Substance 3D Painter versions 8.3.0 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.6AI score0.00302EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.4 views

Adobe Substance 3D Painter 缓冲区错误漏洞

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...

7.8CVSS7.3AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2022/06/17 4:15 p.m.5 views

CVE-2022-32442

u5cms version 8.3.5 is vulnerable to Cross Site Scripting XSS. When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...

6.1CVSS6.3AI score
Exploits0References1
OSV
OSV
added 2020/07/24 2:15 p.m.2 views

UBUNTU-CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

7.8CVSS6.8AI score0.12996EPSS
Exploits6References5
CNVD
CNVD
added 2019/03/08 12:0 a.m.3 views

zzcms SQL Injection Vulnerability (CNVD-2019-13260)

ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in the /user/logincheck.php file in ZZCMS version 8.3. The vulnerability can be exploited by a remote attacker to execute SQL commands with the help of the 'X-Forwarded' parameter in the HTTP...

9.8CVSS8.4AI score0.01537EPSS
Exploits1References1
CNVD
CNVD
added 2018/10/29 12:0 a.m.4 views

zzcms SQL Injection Vulnerability (CNVD-2018-26013)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the ajax/zs.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of pxzs cookie...

9.8CVSS9.8AI score0.01202EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/18 12:0 a.m.2 views

SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19952)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/09/18 12:0 a.m.3 views

SQL injection vulnerability in ZZCMS 8.3 sp***.php file

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the sp.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/09/17 12:0 a.m.3 views

zzcms SQL Injection Vulnerability (CNVD-2018-19742)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the /user/check.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to execute SQL commands with the help of Client-Ip HTTP packet header...

9.8CVSS10AI score0.01202EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/08 12:0 a.m.3 views

Denial of Service Vulnerability in RSA Authentication Manager

Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the security...

7.1CVSS7.1AI score0.16968EPSS
Exploits5References1
Rows per page
Query Builder