Lucene search
K

29 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-42540

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/29 10:56 a.m.9 views

CVE-2025-41275

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:53 a.m.15 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00407EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 10:53 a.m.9 views

EUVD-2025-209993

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:41 a.m.34 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Waterfall WF-500 安全漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. There are security vulnerabilities in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; these vulnerabilities stem fr...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44812

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 3:20 p.m.53 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

8.7CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 3:12 p.m.22 views

CVE-2026-49054 WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/15 11:25 p.m.3 views

CVE-2020-36930 SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables...

8.5CVSS7AI score0.00214EPSS
Exploits1References3
CVE
CVE
added 2025/12/05 8:56 p.m.20 views

CVE-2025-8148

CVE-2025-8148 concerns Fortra’s GoAnywhere MFT; all connected sources describe an improper access control in the SFTP service for versions prior to 7.9.0. Web users who have an Authentication Alias and a valid SSH key but are restricted to password authentication can still log in using their SSH ...

4.2CVSS6.5AI score0.00151EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

WordPress plugin SEOPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.8AI score0.03744EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.6 views

Gessler GmbH WEB-MASTER Encryption Problem Vulnerability

Gessler GmbH WEB-MASTER is an emergency lighting management system from Gessler GmbH, Germany. A security vulnerability exists in Gessler GmbH WEB-MASTER version 7.9, which stems from the use of a weak hash algorithm for storing user accounts, and allows an attacker to recover passwords by...

4.4CVSS6.6AI score0.00115EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.7 views

Kakadu Software SDK Code Issue Vulnerability

Kakadu Software SDK is a JPEG2000 software development kit SDK from Kakadu Software, an Australian company. A code issue vulnerability exists in Kakadu Software SDK version 7.9, which stems from a path traversal vulnerability. An attacker could use this vulnerability to access local and remote...

7.5CVSS6.8AI score0.00722EPSS
Exploits1References3
OSV
OSV
added 2023/08/04 3:15 a.m.9 views

CVE-2023-4141

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...

8.8CVSS5.9AI score0.01239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.10 views

PT-2023-27940 · WordPress · Wp Ultimate Csv Importer

Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer plugin for WordPress versions up to, and including, 7.9.8 Description: The issue is related to privilege escalation due to insufficient restriction on the get header values function. This allows authenticated attacker...

8.8CVSS8.8AI score0.00612EPSS
Exploits0References6
OSV
OSV
added 2023/04/18 9:15 p.m.4 views

CVE-2023-25551

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

6.1CVSS5.8AI score0.00397EPSS
Exploits0References1
OSV
OSV
added 2022/04/15 7:15 p.m.4 views

DEBIAN-CVE-2022-24851

LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...

4.8CVSS6.6AI score0.01086EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.8 views

MIK.starlight 信任管理问题漏洞

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

5.5CVSS5.6AI score0.00319EPSS
Exploits0References1
Rows per page
Query Builder