Lucene search
K

223 matches found

Cvelist
Cvelist
added 2026/01/09 9:19 a.m.29 views

CVE-2025-13853 Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'datatech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/09 9:19 a.m.5 views

CVE-2025-13853 Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'datatech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS4.8AI score0.00191EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.18 views

CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...

8.8CVSS7.2AI score0.00657EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/06 4:36 p.m.25 views

CVE-2025-69351 WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.4...

8.5CVSS0.00205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54273

Name of the Vulnerable Software and Affected Versions Simple Archive Generator versions through 5.2 Description A Cross-Site Request Forgery CSRF issue exists in Simple Archive Generator, which also allows for Stored Cross-Site Scripting XSS. The issue allows for unauthorized actions to be...

7.1CVSS5.3AI score0.00094EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.9 views

PT-2025-52223

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7...

7.5CVSS6.9AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 2025/12/16 8:13 a.m.7 views

CVE-2025-68071

CVE-2025-68071 describes an Insecure Direct Object Reference (IDOR) in the WordPress plugin “Essential Real Estate” (vendor: g5theme, affected: Essential Real Estate

6.5CVSS5.7AI score0.00217EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 4:43 a.m.11 views

Remote Code Execution

Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...

9.8CVSS7.4AI score0.03111EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.5 views

CVE-2025-67519

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.3...

7.6CVSS7.7AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.5 views

CVE-2025-67586

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

4.7CVSS7AI score0.00407EPSS
Exploits2References1
NVD
NVD
added 2025/12/09 4:18 p.m.9 views

CVE-2025-67586

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

4.7CVSS0.00407EPSS
Exploits2References1
PyPA
PyPA
added 2025/12/02 4:15 p.m.12 views

PYSEC-2025-109

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS7.3AI score0.02143EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/02 8:23 a.m.6 views

CVE-2025-13814

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

9.8CVSS7.3AI score0.00461EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/01 8:32 a.m.6 views

EUVD-2025-199973

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

6.5CVSS6.2AI score0.00552EPSS
Exploits1References6
NVD
NVD
added 2025/12/01 8:15 a.m.5 views

CVE-2025-13814

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

9.8CVSS0.00461EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/01 7:2 a.m.7 views

EUVD-2025-199958

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

6.3CVSS5.2AI score0.00409EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/25 5:15 a.m.5 views

"FOD" App uses hard-coded cryptographic keys

Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...

5.1CVSS4.7AI score0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.4 views

CVE-2025-11446

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...

7.3CVSS6.9AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2025/11/20 8:16 p.m.5 views

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS0.00281EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/12 7:25 a.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.2.2 Vulnerability Details CVEID:CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile...

9.8CVSS6.9AI score0.04146EPSS
Exploits8Affected Software2
Rows per page
Query Builder