Lucene search
K

25 matches found

Cvelist
Cvelist
added 2026/06/08 10:15 a.m.44 views

CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

5CVSS0.00197EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/02 1:28 a.m.40 views

CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute

The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS0.00181EPSS
Exploits0References3
NVD
NVD
added 2026/05/24 4:16 a.m.16 views

CVE-2026-9349

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

6.9CVSS0.0041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-32979

Name of the Vulnerable Software and Affected Versions next-intl versions prior to 4.9.1 Description Applications using the middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host. This occurs...

6.9CVSS5.8AI score0.00339EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.4 views

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

6.2AI score0.00555EPSS
Exploits3References3
CVE
CVE
added 2026/01/16 4:44 a.m.48 views

CVE-2025-14384

CVE-2025-14384 affects the All in One SEO – Powerful SEO Plugin for WordPress (versions ≤ 4.9.2). It arises from a missing capability check on the REST route /aioseo/v1/ai/credits, allowing authenticated users with Contributor-level access and above to disclose the global AI access token. Wordfen...

4.3CVSS4.7AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 3:30 p.m.5 views

EUVD-2025-205198

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

8.8CVSS6.5AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 11:15 a.m.28 views

CVE-2025-13741 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...

4.3CVSS0.00229EPSS
Exploits0References2
CVE
CVE
added 2025/10/27 1:34 a.m.20 views

CVE-2025-62935

CVE-2025-62935 is a missing/broken authorization vulnerability in the WordPress plugin "Open Close Store for WooCommerce" (woc-open-close). Connected sources confirm a Broken Access Control / Missing Authorization issue affecting Open Close WooCommerce Store: affected versions include up to 5.0.0...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/25 6:49 a.m.10 views

CVE-2025-10637 Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure

The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagr...

5.3CVSS0.00277EPSS
Exploits0References4
CVE
CVE
added 2025/06/20 7:14 p.m.38 views

CVE-2025-48945

Affected component: pycares (Python module interfacing with c-ares). Vulnerability: use-after-free when a Channel object is garbage-collected while DNS queries are still pending, leading to a fatal Python error and interpreter crash. Versions: vulnerable prior to pycares 4.9.0 (fixed in 4.9.0). R...

8.2CVSS6.5AI score0.00389EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:19 a.m.6 views

CVE-2019-14968

An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action...

9.8CVSS8.2AI score0.01537EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

WordPress plugin Newsletters 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS7.9AI score0.00326EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/13 1:53 p.m.29 views

CVE-2025-26570 WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9...

7.1CVSS0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.4 views

Dell Storage Resource Manager 资源管理错误漏洞

Dell Storage Resource Manager is a software for managing storage resources from Dell USA. A resource management error vulnerability exists in Dell Storage Resource Manager version 4.9.0.0 and earlier, which stems from the presence of session fixation and can be exploited by an unauthenticated...

6.5CVSS6.8AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.5 views

PT-2023-31352

Name of the Vulnerable Software and Affected Versions Nextcloud iOS Files app versions prior to 4.9.2 Description The issue affects the Nextcloud iOS Files app, which is used to interact with the Nextcloud self-hosted productivity platform. It allows the application to be used without providing t...

4.3CVSS4.6AI score0.00288EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.8 views

PT-2023-32236 · Undefined · Undefined

‼ CVE-2023-5647 ‼ The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as...

9.6CVSS8.5AI score0.01626EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.5 views

Contiki-NG Buffer Error Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. Contiki-NG 4.9 and earlier versions suffer from a buffer error vulnerability that stems from allowing an attacker to inject TCP packets resulting in out-of-bounds buffer reads...

5.3CVSS6.9AI score0.00386EPSS
Exploits0References4
OSV
OSV
added 2021/11/09 3:15 p.m.4 views

CVE-2019-18912

A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution...

7.8CVSS5.7AI score0.00277EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/11/04 1:47 a.m.7 views

tcpdump: Buffer over-read in print_trans() function in print-smb.c

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:printtrans for \MAILSLOT\BROWSE and \PIPE\LANMAN...

9.8CVSS6.5AI score0.04134EPSS
Exploits0References4
Rows per page
Query Builder