Lucene search
K

18 matches found

Patchstack
Patchstack
added 2026/06/18 2:21 p.m.6 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

8.4CVSS5.2AI score0.00118EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/17 11:51 p.m.40 views

CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

5.1CVSS0.00155EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/05 1:40 p.m.5 views

CVE-2026-1706

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.11 views

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

6.5CVSS7AI score0.00667EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.3 views

CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS4.7AI score0.00256EPSS
Exploits0References4
NVD
NVD
added 2025/12/01 4:15 p.m.7 views

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

7.1CVSS0.00412EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.6 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from storing passwords using the unsalted MD5 hash algorithm, which could lead to an offline dictionary...

8.2CVSS6.6AI score0.00287EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31279

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00254EPSS
Exploits0References2
OSV
OSV
added 2025/08/01 10:15 p.m.3 views

DEBIAN-CVE-2024-13978

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2preadtiffinit of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally...

2CVSS3.9AI score0.00187EPSS
Exploits1References1
OSV
OSV
added 2025/01/24 2:15 p.m.11 views

CVE-2024-41739

IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion...

8.8CVSS5.8AI score0.00427EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.3 views

WordPress plugin FlickRocket 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin FlickRocke...

6.1CVSS6.5AI score0.00376EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/05/15 7:0 a.m.4 views

WordPress SP Project & Document Manager plugin <= 4.71 - Data Update and File Download via IDOR vulnerability

Data Update and File Download via IDOR vulnerability discovered by fewwords in WordPress Plugin SP Project & Document Manager versions = 4.71...

6.5CVSS7.1AI score0.00434EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.5 views

多款Dell产品 安全漏洞

Dell Command Update and Dell Update and Alienware Update are both products of Dell, Inc.Dell Command Update is a tool used to automatically update drivers, BIOS, and firmware in Dell products.Dell Update and Alienware Update is an update application. A security vulnerability exists in Dell...

6.6CVSS5.7AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.6 views

TrueConf Server 跨站脚本漏洞

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary HTML and script code in the user's browser...

5.4CVSS5.7AI score0.00577EPSS
Exploits1References3
CNVD
CNVD
added 2017/10/27 12:0 a.m.5 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Openfire is a cross-platform real-time collaboration server based on the XMPP Jabber protocol. A cross-site scripting vulnerability exists in the administration console in Ignite Realtime Openfire server versions prior to 4.1.7. An attacker can execute arbitrary JavaScript code on the victim clie...

4.8CVSS6.6AI score0.00728EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2010/05/14 12:0 a.m.28 views

Heaven Soft CMS 4.7 SQL Injection

x Tybe: SQL Injection Vulnerabilities x Vendor: http://www.newyorkindoorcricket.com/ x Script Name: Heaven Soft, CMS Version: 4.7 x author: PrinceofHacking x Team: Ashiyane Digital Security Team x Mail : PrincedotH4ck@gmaildotcom D0rk:"photogalleryshow.php?id" Exploit:...

7.4AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1976/01/01 12:0 a.m.6 views

2021-08 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for ARM64 (KB5004870)

2021-08 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for ARM64 KB5004870...

7AI score
Exploits0
Rows per page
Query Builder