Lucene search
+L

11 matches found

CVE
CVE
added 2 days ago15 views

CVE-2026-30618

CVE-2026-30618 affects xszyou Fay 4.3.1, where the MCP STDIO server management and command execution handling can be abused via a publicly exposed MCP management interface to execute arbitrary commands in the Fay service context. Technical details across sources describe an RCE via attacker-contr...

9.8CVSS6.6AI score0.0061EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/02 1:26 p.m.4 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:8 p.m.4 views

CVE-2026-25019

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.3.1...

5.3AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 2:29 p.m.32 views

CVE-2026-24596

CVE-2026-24596 is a CSRF vulnerability in the WordPress plugin Related Posts Thumbnails (versions up to 4.3.1). The issue allows Cross-Site Request Forgery, affecting the Related Posts Thumbnails Plugin for WordPress from an unspecified early version to 4.3.1. The CVE entry provides a CVSS v3.1 b...

4.3CVSS5.9AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 4:31 a.m.5 views

EUVD-2025-203497

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...

5.3CVSS4.8AI score0.00917EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 3:30 p.m.19 views

CVE-2025-14387

The CVE-2025-14387 entry concerns the LearnPress – WordPress LMS Plugin (WordPress) with versions up to 4.3.1. The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping. It can be exploited by authenticated attackers with Subscriber-leve...

6.4CVSS4.7AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/04 9:18 p.m.5 views

CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates

Xibo is an open source digital signage platform with a web content management system CMS. Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...

7.2CVSS7.2AI score0.00884EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.11 views

PT-2025-5745

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue concerns a stored cross-site scripting XSS vulnerability in the iOS Dynamic Analyzer functionality of the Mobile Security Framework MobSF. According to Apple's...

8.5CVSS5.6AI score0.00373EPSS
Exploits1References17
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.5 views

Crestron AirMedia 安全漏洞

Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia Windows Application version 4.3.1.39. An attacker could exploit the vulnerability to temporarily store a file structure and change it during a...

8.8CVSS8AI score0.01088EPSS
Exploits0References3
CNVD
CNVD
added 2020/04/29 12:0 a.m.2 views

LCDS LAquis SCADA Input Validation Error Vulnerability

LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. An input validation error vulnerability exists in LCDS LAquis SCADA version...

7.8CVSS6.9AI score0.00809EPSS
Exploits0References1
Rows per page
Query Builder