Lucene search
K

22 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36935

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 2:25 a.m.4 views

CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

5.4CVSS6AI score0.00176EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 9:0 p.m.5 views

CVE-2021-2476

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Authentication. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation...

5.3CVSS5.3AI score0.01158EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/06 12:0 a.m.7 views

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.3, which stems from an unclosed file and could lead to a denial of service...

7.5CVSS8.1AI score0.00845EPSS
Exploits0References3
OSV
OSV
added 2025/03/24 6:31 p.m.1 views

GHSA-HH3M-G4QJ-4835 Spring Security Vulnerable to Authorization Bypass via Security Annotations

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

5.3CVSS5.9AI score0.00485EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.9 views

PT-2025-2914 · Unknown · Fancy Product Designer

Name of the Vulnerable Software and Affected Versions: Fancy Product Designer versions n/a through 6.4.3 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as a SQL Injection vulnerability. This vulnerability can allow an attacke...

9.3CVSS9.8AI score0.16259EPSS
Exploits2References9
OSV
OSV
added 2024/11/22 4:15 p.m.2 views

CVE-2024-32770

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...

5.4CVSS5.7AI score0.00361EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.3 views

PT-2024-24839 · Synology · Photo Station

Name of the Vulnerable Software and Affected Versions: Photo Station versions prior to 6.4.3 Description: A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject maliciou...

6.3CVSS5.9AI score0.00361EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.3 views

QNAP Systems Photo Station 跨站脚本漏洞

QNAP Systems Photo Station is an online photo album from QNAP Systems, Inc. It is used to organize multimedia content photos and videos on Qnap Nas. A cross-site scripting vulnerability exists in QNAP Systems Photo Station prior to version 6.4.3, which stems from the inclusion of a cross-site...

6.3CVSS6AI score0.00361EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.6 views

PT-2024-24838 · Synology · Photo Station

Name of the Vulnerable Software and Affected Versions: Photo Station versions prior to 6.4.3 Description: A cross-site scripting XSS vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. Recommendations:...

6.3CVSS5.9AI score0.00361EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/16 3:56 a.m.3 views

WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.3...

6.4CVSS5.8AI score0.00302EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/19 2:15 a.m.3 views

CVE-2024-24997

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

8.8CVSS7.5AI score0.03241EPSS
Exploits0References1
OSV
OSV
added 2024/04/19 2:15 a.m.4 views

CVE-2024-24999

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

8.8CVSS6AI score0.02851EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a path traversal...

7.1CVSS6.7AI score0.01758EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a competitive conditio...

8.8CVSS7.5AI score0.02373EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a path traversal...

8.1CVSS6.9AI score0.01807EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.4 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a null pointer...

6.5CVSS6.7AI score0.01728EPSS
Exploits0References2
OSV
OSV
added 2024/04/05 1:15 p.m.3 views

UBUNTU-CVE-2023-5692

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirectguess404permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publiclyqueryable' post status has been set to 'false'...

5.3CVSS5.7AI score0.00741EPSS
Exploits0References7
OSV
OSV
added 2021/10/20 11:17 a.m.3 views

CVE-2021-35616

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: UI Infrastructure. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation...

5.4CVSS6.3AI score0.27974EPSS
Exploits0References1
OSV
OSV
added 2021/10/20 11:16 a.m.3 views

CVE-2021-2476

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Authentication. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation...

5.3CVSS5.8AI score0.01158EPSS
Exploits0References1
Rows per page
Query Builder