13 matches found

Cvelist
added 2026/05/12 9:29 a.m. | 93 views

CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | EPSS 0.00195 | Exploits 0 | References 5

NVD
added 2026/05/02 2:16 p.m. | 10 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

CVSS 5.3 | EPSS 0.0026 | Exploits 0 | References 5

ATTACKERKB
added 2026/04/08 8:30 a.m. | 1 views

CVE-2026-39521

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content (nelio-content) allows Server-Side Request Forgery. This issue affects Nelio Content: from n/a through <= 4.3.1...

AI score 5.9 | EPSS 0.00145 | Exploits 0 | References 2

Vulnrichment
added 2026/01/07 11:9 p.m. | 2 views

CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...

CVSS 8.5 | AI score 7 | EPSS 0.00133 | Exploits 1 | References 5

NVD
added 2025/12/16 5:16 a.m. | 8 views

CVE-2025-13956

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...

CVSS 5.3 | EPSS 0.00917 | Exploits 0 | References 2

EUVD
added 2025/12/15 6:30 p.m. | 4 views

EUVD-2025-203384

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVSS 6.4 | AI score 4.6 | EPSS 0.0022 | Exploits 0 | References 3

CNNVD
added 2025/02/19 12:0 a.m. | 5 views

WordPress plugin Small Package Quotes SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.5 | AI score 9.3 | EPSS 0.00436 | Exploits 0 | References 2

CNNVD
added 2024/06/20 12:0 a.m. | 3 views

LG SuperSign CMS Cross-Site Scripting Vulnerability

LG SuperSign CMS is a content management software solution optimized for LG webOS signage from LG (Korea). A cross-site scripting vulnerability exists in LG SuperSign CMS versions 4.1.3 through 4.3.1, which stems from improper input neutralization during web page generation, resulting in...

CVSS 6.1 | AI score 6 | EPSS 0.00253 | Exploits 0 | References 2

ATTACKERKB
added 2022/05/17 5:0 p.m. | 8 views

CVE-2022-22775

The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts...

CVSS 8.1 | AI score 6.1 | EPSS 0.00477 | Exploits 0 | References 3

OSV
added 2020/07/09 4:15 p.m. | 2 views

UBUNTU-CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,...

CVSS 6.5 | AI score 6.8 | EPSS 0.0051 | Exploits 0 | References 4

CNVD
added 2020/04/16 12:0 a.m. | 3 views

Broadcom CA API Developer Portal Access Control Error Vulnerability

Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...

CVSS 4.3 | AI score 6.8 | EPSS 0.00924 | Exploits 0 | References 1

CNVD
added 2020/04/16 12:0 a.m. | 2 views

Broadcom CA API Developer Portal Input Validation Error Vulnerability (CNVD-2020-25822)

Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An input validation error vulnerability exists in Broadcom CA API Developer Portal...

CVSS 6.1 | AI score 6.8 | EPSS 0.01325 | Exploits 0 | References 1

OSV
added 2018/11/02 3:29 p.m. | 4 views

CVE-2018-17918

In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page...

CVSS 9.8 | AI score 5.8 | EPSS 0.03805 | Exploits 0 | References 2