Lucene search
K

149 matches found

Debian CVE
Debian CVE
added 2025/12/23 10:41 p.m.4 views

CVE-2025-68617

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...

7CVSS5.4AI score0.00179EPSS
Exploits1
OSV
OSV
added 2025/12/18 8:15 p.m.6 views

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

5.1CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52321

Name of the Vulnerable Software and Affected Versions File Thingie version 2.5.7 Description The software contains an authenticated file upload issue that enables remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip i...

9.4CVSS7.5AI score0.00497EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

TinyWebGallery 代码问题漏洞

TinyWebGallery is a PHP photo album system of TinyWebGallery open source. A code issue vulnerability exists in TinyWebGallery version 2.5, which stems from improper upload functionality by the administrator and could lead to remote code execution...

9.8CVSS8AI score0.00931EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.2 views

CVE-2025-64243 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

4.3CVSS6.6AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.7 views

WordPress plugin All-in-One Addons for Elementor – WidgetKit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.1AI score0.00185EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/12 8:36 a.m.30 views

CVE-2025-40829

A vulnerability has been identified in Simcenter Femap All versions V2512. The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-27146...

7.8CVSS0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:31 a.m.7 views

EUVD-2025-203002

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...

4.3CVSS4.8AI score0.0015EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: gnupg2 (UTSA-2025-991107)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991107 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...

4.7CVSS5.9AI score0.00179EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/05 9:27 a.m.28 views

CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...

6.4CVSS0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/04 5:32 p.m.26 views

CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

5.8CVSS0.00334EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.9 views

PT-2025-49106

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...

4.8CVSS5.5AI score0.00239EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/28 12:0 a.m.5 views

MISP 安全漏洞

MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.5.24 th...

8.2CVSS6.5AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/28 12:0 a.m.6 views

PT-2025-48318

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin...

4.1CVSS6.9AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/26 3:45 a.m.16 views

CVE-2025-10646

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::getrestpermission method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access an...

4.3CVSS5.6AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/22 12:0 a.m.9 views

WordPress plugin Cookie Notice & Compliance for GDPR / CCPA 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

6.4CVSS5.6AI score0.00198EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.5 views

PyTorch 安全漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch version v2.5 and v2.7.1, which stems from a missing profiler.stop call and could lead to a denial of service...

3.3CVSS6.2AI score0.00121EPSS
Exploits1References5
OSV
OSV
added 2025/11/08 9:28 a.m.6 views

CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion

The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...

6.5CVSS6.8AI score0.00708EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.8 views

PT-2025-45563

Name of the Vulnerable Software and Affected Versions CYAN Backup plugin for WordPress versions through 2.5.4 Description The CYAN Backup plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. This is...

6.5CVSS7.6AI score0.00708EPSS
Exploits0References6
OSV
OSV
added 2025/11/05 3:15 p.m.11 views

UBUNTU-CVE-2025-46705

A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS5.8AI score0.00444EPSS
Exploits1References4
Rows per page
Query Builder