Lucene search
K

9 matches found

NVD
NVD
added 2026/03/24 7:16 p.m.5 views

CVE-2026-33417

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...

7.1CVSS0.00264EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 8:35 a.m.26 views

CVE-2026-25442 WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through = 4.7.2...

7.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/29 9:49 p.m.5 views

EUVD-2026-4942

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

7.6CVSS6AI score0.00566EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5367

Name of the Vulnerable Software and Affected Versions Runtipi versions 4.5.0 through 4.7.1 Description Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal vulnerability exists in the UserConfigController. This allows a remote user to overwrite the system's...

7.6CVSS6AI score0.00566EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.4 views

WordPress plugin WP Maps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS7.9AI score0.00236EPSS
Exploits1References1
OSV
OSV
added 2023/04/04 3:15 p.m.6 views

CVE-2020-20913

SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basictitle parameter...

9.8CVSS6.1AI score0.01423EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.7 views

PT-2022-23021 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.7.2 Description: The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a...

5.3CVSS5.1AI score0.00657EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.8 views

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts prior to version v4.7.2, which stems from the fact that this is a library for secure smart contract development, and that contracts using Arbitrum L2's...

5.3CVSS5.6AI score0.00492EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/08/01 12:0 p.m.4 views

tcpdump: force printer vulnerability

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

7.5CVSS7.8AI score0.07815EPSS
Exploits0References4
Rows per page
Query Builder