Lucene search
K

356 matches found

CVE
CVE
added 2025/10/27 1:34 a.m.17 views

CVE-2025-62956

CVE-2025-62956 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Reloadly Reloadly-topup-widget (Reloadly plugin) that allows Stored XSS. Public descriptions indicate this affects Reloadly versions from n/a through <= 2.0.1. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S...

7.1CVSS6.3AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.7 views

WordPress plugin Reloadly 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site...

7.1CVSS6AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/24 8:23 a.m.10 views

CVE-2025-12072 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

4.3CVSS0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.5 views

PT-2025-43670

Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0 Description The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...

8.3CVSS6.6AI score0.00417EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/22 3:31 p.m.8 views

EUVD-2025-35418

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

5.3CVSS6.5AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 2025/10/21 4:15 p.m.7 views

CVE-2025-22166

This High severity DoS Denial of Service vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

8.3CVSS0.00459EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/15 12:45 a.m.7 views

WordPress Rich Snippet Site Report plugin <= 2.0.0105 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by johska in WordPress Theme Rich Snippet Site Report versions = 2.0.0105...

4.9CVSS8AI score0.00333EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.5 views

mailgen 跨站脚本漏洞

mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.31 and earlier, which stems from the generatePlaintext method not properly filtering HTML tags when processing user-generated content, which could lead to...

6.3CVSS5.7AI score0.00418EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/11 10:31 a.m.5 views

CVE-2025-52634

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0...

3.7CVSS6.9AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/06 5:2 p.m.5 views

EUVD-2025-32568

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

7.5CVSS6AI score0.00488EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-29676

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00578EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31254

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/30 3:35 a.m.10 views

CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.00361EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.4 views

IBM Planning Analytics Local 安全漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13, which stems from improper input validation and could result in...

4.9CVSS4.4AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/27 12:51 a.m.8 views

CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

8.6CVSS6.5AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.2 views

CVE-2025-57929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...

5.9CVSS5.9AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:15 p.m.2 views

CVE-2025-57929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...

5.9CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:25 p.m.13 views

CVE-2025-57906 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through = 2.0.6...

5.9CVSS0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.9 views

PT-2025-38800

Name of the Vulnerable Software and Affected Versions Glen Scott Plugin Security Scanner versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...

5.9CVSS6.2AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.18 views

PT-2025-38510

Name of the Vulnerable Software and Affected Versions Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...

8.1CVSS6.9AI score0.00407EPSS
Exploits0References7
Rows per page
Query Builder