Lucene search
K

42 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2025-13364

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

6.4CVSS5.7AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38425

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 8:48 p.m.8 views

CVE-2026-7501

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

5.1CVSS4.2AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 8:16 p.m.8 views

CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

8.7CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 7:13 p.m.21 views

CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

8.7CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.16 views

CVE-2026-32364

CVE-2026-32364 relates to a Local File Inclusion in the WordPress Turbo Manager plugin (turbo-manager) via an improper control of the filename for include/require statements in PHP. The vulnerability affects Turbo Manager versions earlier than 4.0.8. The underlying issue is an insecure handling o...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 7:16 p.m.5 views

CVE-2026-31881

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

9.8CVSS0.0043EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.9 views

CVE-2026-25888

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...

8.8CVSS6.3AI score0.0066EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/16 11:22 p.m.32 views

CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

8.8CVSS0.00723EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.8 views

Honeywell WIN-PACK PRO code issue vulnerability

Honeywell WIN-PACK PRO is a security management platform software developed by the American company Honeywell. Version 4.8 of Honeywell WIN-PACK PRO contains a code vulnerability. This vulnerability stems from the ScheduleService component, which uses service paths without quotes, potentially...

8.5CVSS6AI score0.00127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/30 1:2 a.m.7 views

CVE-2025-66869

Buffer overflow vulnerability in function strcat in asaninterceptors.cpp in libming 0.4.8...

7.5CVSS7.2AI score0.00286EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.8 views

PT-2025-52163

Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through 4.8.122...

7AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2025/12/01 4:15 p.m.7 views

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

7.1CVSS0.00412EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.13 views

CVE-2025-66093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

6.5CVSS6.3AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/10/27 9:15 p.m.33 views

CVE-2025-62523

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 8:10 p.m.10 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.8 views

PT-2025-44055

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, contains a flaw where changing a local user’s password does not invalidate existing session tokens, except for the current session. An attacker who previously...

5CVSS6.4AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/26 3:53 p.m.12 views

CVE-2025-59842 JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

2.1CVSS0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.6 views

Astra Linux – Vulnerability in syslog-ng

syslog-ng is an enhanced logging daemon. Prior to version 4.8.2, the tlswildcardmatch function matched against certificates like foo..bar, although this is not allowed. It is also possible to pass partial wildcards, such as foo.ac.bar, which glib logs match, but this should be avoided/disabled...

7.5CVSS7.1AI score0.00313EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.7 views

CVE-2024-31009

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php...

6.5CVSS7.4AI score0.0074EPSS
Exploits1References1
Rows per page
Query Builder