Lucene search
K

15 matches found

Patchstack
Patchstack
added 2026/05/05 5:53 p.m.6 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Niv Kochan in WordPress Plugin FluentForm versions = 6.2.1...

4.9CVSS5.8AI score0.00554EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/15 5:56 a.m.5 views

OESA-2026-1608 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: A vulnerability classified as problematic has been found in Apache ActiveMQ Application Server Software.CWE is classifying the issue as CWE-190. The product performs a calculation that can produce...

8.8CVSS5.4AI score0.0078EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 7:16 a.m.9 views

CVE-2025-15595

Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions...

7.8CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2026/03/03 6:13 a.m.19 views

CVE-2025-15595

CVE-2025-15595 describes privilege escalation via dll hijacking in Inno Setup, affecting version 6.2.1 and earlier. The underlying issue is a dll hijack in the installer process. According to the provided metrics, exploitation requires local access with low privileges and no user interaction, and...

8.7CVSS5.9AI score0.00092EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2025/10/26 12:5 p.m.145 views

Exploit for CVE-2025-53533

Cross-Site-Scripting XSS in Pi-hole-CVE-2025-53533 exploit Po...

6.4AI score0.00564EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.5 views

PT-2025-44019

Name of the Vulnerable Software and Affected Versions Pi-hole Admin Interface versions 6.2.1 and earlier Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole network-level advertisement and internet tracker blocking application, is susceptible to reflected cross-site...

7.5CVSS6.3AI score0.00564EPSS
Exploits2References7
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.3 views

WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Herd Effects versions = 6.2.1...

5.4CVSS6.9AI score0.00199EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2024/08/28 2:39 a.m.4 views

SUSE CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5CVSS6.8AI score0.00929EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2024/03/21 10:10 p.m.5 views

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5CVSS6.3AI score0.00929EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/16 12:0 a.m.3 views

TIBCO Partnerexpress 加密问题漏洞

TIBCO Partnerexpress is a Php-based platform that generates barcodes by product name from TIBCO USA. A cryptographic issue exists in Tibco PartnerExpress where the product does not encrypt session tokens during interactions. An attacker could obtain the token to simulate an interaction. The...

9.3CVSS8AI score0.00979EPSS
Exploits0References3
CNVD
CNVD
added 2021/01/08 12:0 a.m.4 views

Gotenberg Directory Traversal Vulnerability (CNVD-2021-03336)

Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. A directory traversal vulnerability exists in Gotenberg 6.2.1 and earlier versions of the Markdown engine. An attacker can exploit this vulnerability to read any container file...

7.5CVSS6.7AI score0.04936EPSS
Exploits2References1
CNVD
CNVD
added 2019/11/14 12:0 a.m.3 views

SITOS six Build Cross-Site Scripting Vulnerability

SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. A cross-site scripting vulnerability exists in the blog feature in SITOS six Build v6.2.1. The vulnerability stems from the WEB application lacking proper...

6.1CVSS6.4AI score0.01021EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 12:15 p.m.6 views

CVE-2019-15747

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side...

8.8CVSS7.3AI score0.01091EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/31 12:0 a.m.2 views

SQL Injection Vulnerability in Xinqi Online Learning System V6.2.1

Xinqi Online Learning System is an online learning platform system that can make learning plans, realize supervision and monitoring, and assist learning. SQL injection vulnerability exists in version V6.2.1 of Xinqi Online Learning System, which can be exploited by attackers to obtain sensitive...

7.7AI score
Exploits0
CNVD
CNVD
added 2017/07/07 12:0 a.m.3 views

Cisco Wide Area Application Services Denial of Service Vulnerability

Cisco Wide Area Application Services WAAS is the United States Cisco Cisco company's set of WAN link acceleration software. The software is mainly used for small bandwidth and high latency link environment. A denial of service vulnerability exists in the Server Message Block SMB service in Cisco...

5.3CVSS5.4AI score0.02197EPSS
Exploits0References1
Rows per page
Query Builder