Lucene search
K

14 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-515 Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
OSV
OSV
added 2026/05/29 1:35 p.m.10 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.8 views

CVE-2026-7636 Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/22 7:50 a.m.12 views

EUVD-2026-31416

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References8
CVE
CVE
added 2026/03/04 7:30 p.m.18 views

CVE-2026-28427

CVE-2026-28427 affects OpenDeck (Linux software for the Elgato Stream Deck). Prior to version 2.8.1, the service listening on port 57118 serves static plugin files but does not sanitize path components properly. An attacker can use ../ sequences in the request path to traverse outside the intende...

7.5CVSS6AI score0.00431EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/02/03 11:59 a.m.8 views

WordPress ShopLentor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ShopLentor versions = 2.8.1...

6.4CVSS5.3AI score0.0032EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/24 6:32 a.m.4 views

CVE-2025-13588 lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS6.2AI score0.00218EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 2:45 a.m.5 views

CVE-2023-0293

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...

4.3CVSS5.3AI score0.00568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.8 views

CVE-2023-50839

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1...

9.8CVSS8.9AI score0.02041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:10 a.m.5 views

CVE-2024-54219

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through = 2.8.1...

7.1CVSS7.2AI score0.00354EPSS
Exploits0References1
OSV
OSV
added 2023/11/16 5:15 p.m.3 views

CVE-2023-6019

A command injection existed in Ray's cpuprofile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

9.8CVSS5.9AI score0.7463EPSS
Exploits15References1
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.5 views

WordPress Plugin DNUI 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

8.8CVSS7.8AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

htmly 安全漏洞

HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in htmly version 2.8.1, which stems from the vulnerability to arbitrary file deletion on the local host when deleting backup files in htmly 2.8.1. The vulnerability could allow a remote attacker to delete arbitrar...

9.1CVSS8.4AI score0.01628EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/11/05 12:0 a.m.3 views

PT-2020-6540 · Gsoap · Gsoap

Name of the Vulnerable Software and Affected Versions: gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Security plugin functionality of gSOAP. This issue can be triggered by a specially crafted SOAP request, leading to denial of service. An attacker can exploit this ...

9.8CVSS7.3AI score0.0586EPSS
Exploits5References46
Rows per page
Query Builder