Lucene search
K

24 matches found

CVE
CVE
added 10 hours ago5 views

CVE-2026-15096

The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...

6.4CVSS6.2AI score
Exploits0References5
NVD
NVD
added 2026/06/18 2:17 p.m.14 views

CVE-2026-54223

UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server that application has privileges to, what results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

8.6CVSS0.00628EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:56 p.m.6 views

CVE-2026-54224

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 12:56 p.m.18 views

CVE-2026-54220 Cross-Site Request Forgery in UBB.threads

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

8.6CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:56 p.m.20 views

CVE-2026-54220

CVE-2026-54220 : uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms, confirmed in version 7.7.5 and possibly earlier. The flaw allows an attacker to trick an authenticated user into performing unintended actions. The CVSS metrics indicate high ...

8.6CVSS5.2AI score0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.11 views

CVE-2026-36827

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

5.4CVSS6AI score0.00743EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.8 views

CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

8.8CVSS6AI score0.01667EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/21 2:30 p.m.17 views

CVE-2025-7782

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

7.6CVSS5.1AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin Cornerstone 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.9AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/06 10:32 a.m.4 views

EUVD-2025-32528

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly...

5.1CVSS5.1AI score0.00275EPSS
Exploits1References5
Patchstack
Patchstack
added 2025/01/21 1:10 a.m.4 views

WordPress Link Library plugin <= 7.7.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Link Library versions = 7.7.2...

6.1CVSS6.3AI score0.0028EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.5 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.7.0 that stems from an information disclosure vulnerability that allows external access to resources in certain administrative root folders...

5.3CVSS6.1AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2024/08/28 4:15 a.m.6 views

CVE-2024-6448

The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full...

5.3CVSS5.7AI score0.00456EPSS
Exploits0References3
OSV
OSV
added 2024/04/17 7:15 p.m.4 views

CVE-2024-32162

CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion...

4.3CVSS5.8AI score0.00397EPSS
Exploits1References2
OSV
OSV
added 2023/12/19 1:15 a.m.5 views

CVE-2023-6314

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

7.8CVSS6.4AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2023/11/22 10:15 p.m.6 views

CVE-2023-47786

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LayerSlider plugin = 7.7.9 versions...

5.4CVSS7.3AI score0.00368EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.4 views

Virtualmin Cross-Site Scripting Vulnerability

Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting XSS vulnerability in the Custom Fields feature...

5.4CVSS5.8AI score0.00441EPSS
Exploits1References3
Snyk
Snyk
added 2023/06/14 12:0 a.m.7 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.1AI score0.02627EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.4 views

Intel VROC software 代码问题漏洞

Intel VROC software is an application from Intel Corporation USA. A security vulnerability exists in Intel VROC software prior to version 7.7.6.1003, which stems from the presence of a null pointer dereference that could allow an authenticated user to potentially enable privilege escalation via...

7.8CVSS7.3AI score0.00174EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.6 views

SUSE CVE-2018-1000161

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against...

5.7CVSS6.9AI score0.01045EPSS
Exploits0References3
Rows per page
Query Builder