Lucene search
K

22 matches found

CVE
CVE
added 2026/03/13 7:15 p.m.13 views

CVE-2026-31798

CVE-2026-31798 affects JumpServer’s Custom SMS API Client. The root cause is improper certificate validation, enabling an attacker to intercept MFA/OTP verification codes before delivery to the user’s phone. Impact is limited to credentials/OTP confidentiality with network exposure, as per the pr...

5CVSS5.9AI score0.00097EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/19 8:26 a.m.17 views

CVE-2026-25330

CVE-2026-25330 affects the WordPress PublishPress Authors plugin (<= 4.10.1). Described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels. CVSSv3.1: 4.3 (Medium) with Network attack vector, Privileges Required: Low, Us...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.10 views

PT-2026-6294

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue resides in the Shipping...

6.2CVSS5.5AI score0.00261EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2026/01/28 1:32 a.m.6 views

CVE-2026-1505 D-Link DIR-615 URL Filter set_temp_nodes.php os command injection

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /settempnodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

8.6CVSS5.6AI score0.04474EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.4 views

CVE-2025-50004

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...

8.5CVSS5.3AI score0.00559EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.9 views

PT-2025-51179

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

5.3CVSS6.6AI score0.00401EPSS
Exploits1References7
Patchstack
Patchstack
added 2025/12/13 2:12 p.m.6 views

WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by NumeX in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.0.10...

9.1CVSS7AI score0.00154EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/12/10 3:47 p.m.8 views

Out-of-bounds Read

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS6.7AI score0.00456EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.8 views

PT-2025-47422

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

5.3CVSS6AI score0.00247EPSS
Exploits0References7
CVE
CVE
added 2025/10/29 3:37 p.m.16 views

CVE-2025-62785

Wazuh CVE-2025-62785 describes a NULL dereference in fillData() where value is not checked before os_strdup(), allowing a crafted agent message to crash analysisd and take it offline. Affected software is Wazuh (analysisd component) with vulnerability in the message handling path. The issue is fi...

7.5CVSS6.4AI score0.00401EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/04 3:32 a.m.5 views

EUVD-2025-32419

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticat...

5.3CVSS4.8AI score0.00272EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.9 views

CVE-2024-22648

A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment...

5.3CVSS6.8AI score0.00609EPSS
Exploits1References1
OSV
OSV
added 2024/03/14 9:15 p.m.9 views

CVE-2024-2256

The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bwcontactbutton and bwbutton shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2024/02/05 10:16 p.m.5 views

CVE-2024-1209

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...

5.3CVSS7.3AI score0.02419EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.4 views

PHOENIX CONTACTs WP 6xxx series web panels Trust Management Issues Vulnerability

PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. A trust management issue vulnerability exists in PHOENIX CONTACT WP 6xxx series web panels prior to version 4.0.10, where a remote attacker with administrator privileges can read a hard-coded...

4.9CVSS6.7AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.3 views

PT-2023-20500 · Unknown · Code-Server

Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.10.1 Description: The issue is related to Missing Origin Validation in WebSockets handshakes. This can allow an adversary in specific scenarios to access data from and connect to the code-server instance...

9.3CVSS7.2AI score0.0034EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/03/19 12:0 a.m.3 views

FTAPI 跨站脚本漏洞

A cross-site scripting vulnerability exists in FTAPI 4.0 - 4.10, which allows the passage of a crafted filename to an alternate text hover box in the file submission component...

6.1CVSS5.8AI score0.00817EPSS
Exploits1References3
OSV
OSV
added 2020/06/22 9:15 a.m.4 views

CVE-2020-7262

Improper Access Control vulnerability in McAfee Advanced Threat Defense ATD prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter...

5.5CVSS6.1AI score0.00743EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/15 12:0 a.m.4 views

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence platform is a suite of bookstore intelligence software and enterprise performance solutions from SAP Germany. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability in the SAP BusinessObjects Busines...

5.4CVSS6.7AI score0.00968EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/04/21 12:0 a.m.6 views

PT-2019-12307

Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...

6.1CVSS6.8AI score0.00869EPSS
Exploits1References4
Rows per page
Query Builder