Lucene search
+L

17 matches found

OSV
OSV
added 2026/07/06 6:27 a.m.7 views

OESA-2026-2834 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36917

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.1AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 11:16 a.m.39 views

CVE-2026-45211

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40011

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 6:17 p.m.10 views

JLSEC-2026-484

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...

5.5CVSS5.7AI score0.00113EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/04 6:19 a.m.10 views

WordPress All-in-One Video Gallery plugin <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter vulnerability

Reflected Cross-Site Scripting via 'vi' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All-in-One Video Gallery versions = 4.7.1...

6.1CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/23 12:0 a.m.26 views

CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...

0.00131EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/28 4:32 p.m.30 views

CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.3CVSS0.0031EPSS
Exploits1References4
CVE
CVE
added 2025/12/09 10:38 p.m.22 views

CVE-2025-67495

ZITADEL’s DOM-Based XSS in Zitadel V2 logout (CVE-2025-67495) affects 4.0.0-rc.1 through 4.7.0 via the /logout endpoint, where the post_logout_redirect parameter could be used to route malicious JavaScript to a user’s browser. The issue requires multiple active sessions in the same browser and is...

8CVSS6.5AI score0.00265EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/27 8:44 a.m.14 views

CVE-2025-60125

Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through = 4.7.6...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2025/01/02 12:15 p.m.5 views

CVE-2023-45766

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1...

5.3CVSS5.8AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.8 views

PT-2024-37380 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike WordPress plugin versions prior to 4.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

4.8CVSS5.9AI score0.00397EPSS
Exploits1References5
Patchstack
Patchstack
added 2024/06/28 7:27 a.m.7 views

WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Defender Security versions = 4.7.1...

9.8CVSS7AI score0.00532EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.4 views

Jfinal CMS 路径遍历漏洞

Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. An attacker could use t...

6.5CVSS5.6AI score0.03876EPSS
Exploits1References2
OSV
OSV
added 2019/12/12 3:15 a.m.5 views

CVE-2019-19748

The Work Time Calendar app before 4.7.1 for Jira allows XSS...

6.1CVSS5.8AI score0.00661EPSS
Exploits1References1
OSV
OSV
added 2018/11/13 10:29 p.m.7 views

CVE-2018-6980

VMware vRealize Log Insight 4.7.x before 4.7.1 and 4.6.x before 4.6.2 contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which the...

7.2CVSS5.8AI score0.01438EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/19 12:0 a.m.6 views

Wowza Streaming Engine Directory Traversal Vulnerability

Wowza Streaming Engine is a streaming media server software from Wowza Media Systems. The program supports live streaming, VOD, online video chat, and remote recording. A security vulnerability exists in com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine versions prior...

5.3CVSS6.9AI score0.01443EPSS
Exploits0References1
Rows per page
Query Builder