Lucene search
K

29 matches found

EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.44 views

Linux Distros Unpatched Vulnerability : CVE-2023-2905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...

8.8CVSS6AI score0.01014EPSS
Exploits1References2
OSV
OSV
added 2026/04/14 10:31 p.m.7 views

GHSA-F24X-5G9Q-753F OAuth2 Proxy's session cookies are not cleared when rendering sign-in page

Impact A regression introduced in v7.11.0 is preventing OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. This only impacts deployments that rely on the sign-in page as part of their logout flow. In those setups, a user may be shown the sign-in page while the existing...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/17 9:31 a.m.5 views

EUVD-2026-12550

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 8:24 a.m.3 views

CVE-2026-32586 WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...

5.3CVSS5.1AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 11:15 p.m.3 views

CVE-2025-14111

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...

8.1CVSS5.2AI score0.00548EPSS
Exploits1References4
NVD
NVD
added 2025/12/05 11:15 p.m.9 views

CVE-2025-14111

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...

8.1CVSS0.00548EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49319

Name of the Vulnerable Software and Affected Versions Rarlab RAR App versions up to 7.11 Build 127 Description A security issue exists in the component com.rarlab.rar of Rarlab RAR App on Android. This allows for path traversal, potentially enabling remote attacks. Exploitation is considered high...

8.1CVSS4.9AI score0.00548EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.5 views

Rarlab WinRAR 安全漏洞

Rarlab WinRAR is a file compression/decompression software from Rarlab. A security vulnerability exists in Rarlab WinRAR version 7.11, which originates from cross-site scripting in the Generate Report function and could lead to the disclosure of user information...

6.1CVSS5.7AI score0.00301EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.7 views

OpenWGA 代码注入漏洞

OpenWGA is an OpenWGA open source content management system and web application development platform. A code injection vulnerability exists in OpenWGA version 7.11.12 Build 737, which stems from a cross-site scripting vulnerability in the Admin UI component...

5.1CVSS4.9AI score0.00227EPSS
Exploits0References4
Hacker One
Hacker One
added 2025/10/22 5:23 a.m.16 views

Rocket.Chat: SSRF via improper validation after DNS name resolution in the link-preview feature

The link-preview feature in Rocket.Chat version 7.11.0 did not properly validate the IP address after DNS resolution. This allowed an attacker to obtain a domain that pointed to an internal IP address, triggering SSRF and enabling access to internal hosts that would otherwise be unreachable...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2025/09/13 12:0 a.m.3 views

Sixun Business Management System 授权问题漏洞

Sixun Business Management System is a business management system from Sixun, a Chinese company. An authorization issue vulnerability exists in Sixun Business Management System version 7/11, which originates from an improper authorization in File/Adm/OperatorStop and could lead to a remote attack...

7.5CVSS7.4AI score0.00331EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/08/14 2:53 a.m.4 views

SUSE CVE-2025-54576

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS7AI score0.01133EPSS
Exploits1References3
OSV
OSV
added 2025/02/13 7:15 a.m.4 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS7.6AI score0.02258EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.5 views

WordPress plugin Avada | Website Builder For WordPress & WooCommerce 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...

9.8CVSS9.2AI score0.02258EPSS
Exploits1References2
OSV
OSV
added 2024/06/19 3:15 p.m.5 views

CVE-2023-39312

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1...

8.8CVSS5.8AI score0.00465EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.4 views

WordPress plugin Avada 7.11.1 and security vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.8AI score0.00304EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-19869 · Themefusion · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue allows authenticated attackers with editor-level access and above to perform SQL Injection via the entry parameter due to insufficient escaping on the...

7.2CVSS9.7AI score0.00828EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.10 views

PT-2024-19671 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied attribute...

6.4CVSS8AI score0.00688EPSS
Exploits1References8
Rows per page
Query Builder