Lucene search
K

59 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57720 WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.9 views

CVE-2026-22340

CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 4:16 p.m.45 views

CVE-2026-42283

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the...

7.8CVSS0.00152EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/24 9:48 a.m.9 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils

Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...

8.8CVSS5.9AI score0.00663EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:40 a.m.4 views

WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for WPForms versions = 6.3.0...

6.5CVSS5.4AI score0.00248EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/02/10 3:39 p.m.16 views

CVE-2026-21743

The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...

7.2CVSS5.5AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:0 a.m.7 views

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

6.5CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.10 views

WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00363EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.4 views

CVE-2023-25973

Cross-Site Request Forgery CSRF vulnerability in Lucian Apostol Auto Affiliate Links plugin = 6.3.0.2 versions...

8.8CVSS8.9AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.38 views

CVE-2025-60080 WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...

7.5CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2025/11/07 3:2 p.m.13 views

CVE-2025-12860

Summary: CVE-2025-12860 affects DedeBIZ up to version 6.3.2. An SQL injection can be triggered by manipulating the orderby parameter in /admin/freelist_main.php. The vulnerability is exploitable remotely and the public exploit is available. Multiple connected sources corroborate the issue and its...

7.2CVSS5.2AI score0.00296EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/27 6:44 p.m.5 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

5.1CVSS5.9AI score0.00228EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-44010

Name of the Vulnerable Software and Affected Versions Pi-hole Admin Interface versions prior to 6.3 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting XSS issue. This...

5.1CVSS5.7AI score0.00228EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.5 views

Pi-hole Web Interface 跨站脚本漏洞

Pi-hole Web Interface is a dashboard web interface from Pi-hole open source. A cross-site scripting vulnerability exists in Pi-hole Web Interface versions prior to 6.3, which stems from improper input cleanup in the Address field and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References2
NVD
NVD
added 2025/10/22 10:15 p.m.13 views

CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

8.7CVSS0.00402EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/10/22 9:36 p.m.4 views

CVE-2025-62707

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

8.7CVSS5.3AI score0.00402EPSS
Exploits0
NVD
NVD
added 2025/09/23 9:15 a.m.5 views

CVE-2025-9798

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...

8.9CVSS0.00252EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/22 6:24 p.m.9 views

CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

6.5CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/08 10:52 p.m.11 views

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

2.3CVSS0.0118EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.3 views

IBM Tivoli Monitoring 安全漏洞

IBM Tivoli Monitoring is a suite of system monitoring software from International Business Machines IBM. The software supports detection of system bottlenecks and potential problems, performance monitoring of essential system resources, automatic recovery from critical situations, and more. A...

9.8CVSS6.8AI score0.00453EPSS
Exploits0References1
Rows per page
Query Builder