
30 matches found

EUVD
added 2026/06/02 7:48 a.m., 10 views

EUVD-2026-33886

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

CVSS 4.3, AI score 5.9, EPSS 0.00198
Exploits 0, References 6

ATTACKERKB
added 2026/05/30 2:55 p.m., 9 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

CVSS 7.1, AI score 6.2, EPSS 0.00221
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/05/27 12:0 a.m., 16 views

PT-2026-44001

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...

CVSS 8.7, AI score 5.9, EPSS 0.00215
Exploits 0, References 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 9 views

Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017432)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017432 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway...

CVSS 8.8, AI score 6.8, EPSS 0.01346
Exploits 0, References 4

OSV
added 2026/05/05 7:32 p.m., 4 views

GHSA-42FC-7W97-8VRC XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter

Impact: The PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious externa...

CVSS 4.4, AI score 5.9, EPSS 0.00151
Exploits 0, References 5

NVD
added 2026/05/04 6:16 p.m., 8 views

CVE-2026-42140

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

CVSS 4.4, EPSS 0.00151
Exploits 0, References 3

Cvelist
added 2026/03/13 11:42 a.m., 25 views

CVE-2026-32421 WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1...

CVSS 5.3, EPSS 0.00199
Exploits 0, References 1

SUSE CVE
added 2026/01/28 12:24 a.m., 5 views

SUSE CVE-2026-24686

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

CVSS 4.7, AI score 5.9, EPSS 0.00211
Exploits 1, References 5

Patchstack
added 2025/12/31 12:0 a.m., 7 views

WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability

WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin ClickWhale versions <= 2.4.1...

CVSS 6.1, AI score 5.3, EPSS 0.0034
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/12/10 2:23 p.m., 5 views

CVE-2025-67575

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sitewide Notice WP: from n/a through <= 2.4.1...

CVSS 5.3, AI score 7, EPSS 0.00277
Exploits 0, References 1

RedhatCVE
added 2025/12/10 2:23 p.m., 5 views

CVE-2025-67580

Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Constant Contact + WooCommerce: from n/a through <= 2.4.1...

CVSS 5.3, AI score 7, EPSS 0.00176
Exploits 0, References 1

Cvelist
added 2025/12/09 2:14 p.m., 24 views

CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sitewide Notice WP: from n/a through <= 2.4.1...

CVSS 5.3, EPSS 0.00277
Exploits 0, References 1

Vulnrichment
added 2025/12/09 2:14 p.m., 4 views

CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sitewide Notice WP: from n/a through <= 2.4.1...

AI score 6.6, EPSS 0.00277
Exploits 0, References 1

CNNVD
added 2025/12/09 12:0 a.m., 4 views

WordPress plugin Sitewide Notice WP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Sitewide Notice A...

CVSS 5.3, AI score 5.8, EPSS 0.00277
Exploits 0, References 1

Vulnrichment
added 2025/12/03 2:25 a.m., 3 views

CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 4.7, EPSS 0.00201
Exploits 0, References 4

Cvelist
added 2025/11/12 10:27 p.m., 29 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1, EPSS 0.00148
Exploits 0, References 1

OSV
added 2025/05/21 5:15 p.m., 4 views

CVE-2025-5031

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...

CVSS 2.3, AI score 4.2, EPSS 0.0036
Exploits 0, References 5

CNNVD
added 2025/03/24 12:0 a.m., 5 views

ruoyi-vue-pro path traversal vulnerability

ruoyi-vue-pro is the Taro Road source code zhijiantianya open source an optimized and refactored efficient back-end management system framework for the development of enterprise back-end, SaaS platforms, WeChat applets back-end and so on. ruoyi-vue-pro 2.4.1 version of a path traversal...

CVSS 9.1, AI score 5.8, EPSS 0.00809
Exploits 1, References 5

Patchstack
added 2025/01/29 5:48 a.m., 5 views

WordPress ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin ClickWhale versions <= 2.4.1...

CVSS 6.4, AI score 5.7, EPSS 0.00245
Exploits 0, References 1, Affected Software 1

OSV
added 2025/01/29 4:15 a.m., 3 views

CVE-2025-0804

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...

CVSS 5.4, AI score 7.4
Exploits 0, References 2