Lucene search
K

23 matches found

NVD
NVD
added 2026/05/29 8:16 a.m.17 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.00273EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/24 9:48 a.m.9 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils

Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...

8.8CVSS5.9AI score0.00663EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/04/20 10:15 a.m.14 views

CVE-2026-6629

The CVE concerns Metasoft MetaCRM (up to v6.4.0) in the Interface component, specifically the file sql.jsp and its Statement.executeUpdate function. The vulnerability is a SQL injection caused by manipulation of the sql argument, enabling remote exploitation. Public exploit disclosure is noted, a...

7.5CVSS6.7AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/02/10 3:39 p.m.18 views

CVE-2026-21743

The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...

7.2CVSS5.5AI score0.00336EPSS
Exploits0References1Affected Software1
Debian
Debian
added 2025/11/10 8:58 p.m.9 views

[BSA-126] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2025-64507 It was discovered that Incus, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed access to Inc...

8.6CVSS5.9AI score0.00164EPSS
Exploits1
Cvelist
Cvelist
added 2025/10/14 12:42 p.m.10 views

CVE-2025-11498 CSV Formula Injection Vulnerability

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...

6.1CVSS0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.8 views

CVE-2023-47825

Cross-Site Request Forgery CSRF vulnerability in TienCOP WP EXtra plugin = 6.4 versions...

8.8CVSS7.1AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:1 a.m.8 views

CVE-2022-24745

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

6.5CVSS6.7AI score0.00524EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.13 views

CVE-2022-24747

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...

6.3CVSS6.6AI score0.0108EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/22 12:0 a.m.7 views

SUSE SLES15 Security Update : kernel RT (Live Patch 3 for SLE 15 SP6) (SUSE-SU-2025:01603-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01603-1 advisory. This update for the Linux Kernel 6.4.0-1506001011 fixes several issues. The following security issues were fixed: - CVE-2024-53042: ipv4:...

7.8CVSS7AI score0.00265EPSS
Exploits0References10
NVD
NVD
added 2025/03/28 10:15 p.m.12 views

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places...

6.5CVSS0.00212EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/28 12:0 a.m.35 views

CVE-2025-28092

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF via image upload function...

0.00265EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/24 12:0 a.m.12 views

PT-2025-7700

Name of the Vulnerable Software and Affected Versions vTiger CRM version 6.4.0 Description A problematic issue has been identified, affecting the /modules/Mobile/index.php file. The manipulation of the operation argument leads to cross-site scripting. This issue can be exploited remotely...

6.1CVSS5AI score0.00369EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/02/05 9:54 p.m.16 views

CVE-2022-24872

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...

8.1CVSS6.7AI score0.01011EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/25 8:50 p.m.7 views

WordPress Spam protection, Anti-Spam, FireWall by CleanTalk plugin <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing vulnerability

Authorization Bypass via Reverse DNS Spoofing vulnerability discovered by mikemyers in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions = 6.43.2...

9.8CVSS7AI score0.15236EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/11/08 10:28 p.m.2 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS6.9AI score0.00918EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.1 views

ncurses 缓冲区错误漏洞

ncurses is a character terminal processing library that provides a set of functions for users to call and generate text-based user interfaces. A security vulnerability exists in versions prior to ncurses 6.4 20230408. An attacker could exploit this vulnerability to cause memory corruption...

7.8CVSS6.8AI score0.00923EPSS
Exploits1References14
CNVD
CNVD
added 2021/04/15 12:0 a.m.4 views

Group Office CRM Cross-Site Scripting Vulnerability (CNVD-2021-29739)

Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A cross-site scripting vulnerability exists in the Contacts page in Group Office CRM version 6.4.196. An attacker can exploit this...

5.4CVSS6AI score0.00524EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/15 12:0 a.m.4 views

SSH.COM SSH Tectia Client and Server 安全漏洞

SSH.COM SSH Tectia Client and Server is an application from Finland SSH.COM. It is used for secure file transfer and remote access. A security vulnerability exists in SSH Tectia Client and Server before 6.4.19 that allows escalation of local privileges under non-standard conditions...

7CVSS7.1AI score0.00381EPSS
Exploits0References2
OSV
OSV
added 2020/02/04 5:15 p.m.4 views

CVE-2019-4541

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814...

7.2CVSS6.8AI score0.01316EPSS
Exploits0References2
Rows per page
Query Builder