Lucene search
K

19 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37628

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS5.4AI score0.00466EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.12 views

PT-2026-36727

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/26 3:37 a.m.2 views

CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28032

Name of the Vulnerable Software and Affected Versions imithemes Gaea versions prior to 3.8 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for the execution of malicious...

7.1CVSS5.9AI score0.00175EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.5 views

CVE-2026-28110

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through =...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/05 3:16 p.m.9 views

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.9AI score0.00566EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.6 views

CVE-2021-33483

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...

5.4CVSS6.2AI score0.00616EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/01 9:12 a.m.9 views

CVE-2025-62758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through = 3.8...

6.5CVSS5.9AI score0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.4 views

CVE-2025-67577 WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through = 3.8.20...

5.3CVSS6.6AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 12:17 p.m.10 views

CVE-2025-41104

Summary: CVE-2025-41104 is an HTML injection vulnerability in Fairsketch’s RISE CRM Framework v3.8.1. The issue stems from insufficient validation of user input in the POST parameter custom_field_1 at /estimate_requests/save_estimate_request, enabling HTML injection. Affected software: Fairsketch...

5.4CVSS6.9AI score0.00141EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/16 2:25 a.m.2 views

CVE-2025-10700 Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enableunfilteredfilesupload function. This makes it possible for unauthenticated...

4.3CVSS5AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-10117

Malware in sbrugna...

9.1CVSS9AI score0.01961EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10812 Open Redirect in binary-husky/gpt_academic

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS0.00574EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/31 1:45 p.m.9 views

CVE-2025-0930 Reflected Cross-Site Scripting (XSS) vulnerability in TeamCal Neo

Reflected Cross-Site Scripting XSS in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code, after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.php’...

6.1CVSS6AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 1:37 p.m.8 views

CVE-2025-0929 SQL injection vulnerability in TeamCal Neo

SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’...

9.8CVSS9.7AI score0.00815EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/07 12:0 a.m.5 views

NETSCOUT nGeniusPULSE Security Vulnerability

NetScout nGeniusPULSE is a comprehensive testing and infrastructure operational condition monitoring platform from NetScout, Inc. A security vulnerability exists in NETSCOUT nGeniusPULSE version 3.8 that stems from improper file permission management...

9.1CVSS9AI score0.00836EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/18 6:15 p.m.3 views

CVE-2022-28921

A Cross-Site Request Forgery CSRF vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...

6.5CVSS6AI score0.007EPSS
Exploits1References3
OSV
OSV
added 2018/12/30 9:29 p.m.3 views

CVE-2018-20602

Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...

7.5CVSS5.8AI score0.01287EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/19 12:0 a.m.3 views

YzmCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-08781)

YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A cross-site request forgery vulnerability exists in YzmCMS version 3.8. A remote attacker can add an administrator account with the help of the /index.php/admin/adminmanage/add.html page to explo...

6.8CVSS7AI score0.00497EPSS
Exploits1References1
Rows per page
Query Builder