Lucene search
+L

363 matches found

Vulnrichment
Vulnrichment
added 2025/09/27 12:51 a.m.8 views

CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

8.6CVSS6.5AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.2 views

CVE-2025-57929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...

5.9CVSS5.9AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:15 p.m.3 views

CVE-2025-57929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...

5.9CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:25 p.m.15 views

CVE-2025-57906 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through = 2.0.6...

5.9CVSS0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.18 views

PT-2025-38800

Name of the Vulnerable Software and Affected Versions Glen Scott Plugin Security Scanner versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...

5.9CVSS6.2AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.18 views

PT-2025-38510

Name of the Vulnerable Software and Affected Versions Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...

8.1CVSS6.9AI score0.00407EPSS
Exploits0References7
OSV
OSV
added 2025/09/16 12:0 a.m.6 views

CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...

3.2CVSS7AI score0.00116EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.6 views

AVTECH EagleEyes 安全漏洞

AVTECH EagleEyes is a remote instant monitoring mobile application from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH EagleEyes version 2.0.0, which originates from setting ALLOWALLHOSTNAMEVERIFIER to bypass domain name authentication, which could lead to a...

9.8CVSS6.5AI score0.00611EPSS
Exploits3References2
NVD
NVD
added 2025/09/11 8:15 a.m.16 views

CVE-2025-8691

The WP Scriptcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/03 12:0 a.m.13 views

CVE-2025-57151

phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting XSS in admin/userprofile.php via the fullname parameter...

0.00561EPSS
Exploits1References2
NVD
NVD
added 2025/08/25 10:15 p.m.7 views

CVE-2025-57814

request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...

6.9CVSS0.00427EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.12 views

PT-2025-34300 · Unknown · Millenium Mp3 Studio

Name of the Vulnerable Software and Affected Versions: Millenium MP3 Studio versions through 2.0 Description: Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application does not properly validate the leng...

8.4CVSS6.9AI score0.00457EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.7 views

PT-2025-33443 · Unknown · Phpgurukul Online Shopping Portal Project

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal Project version 2.0 Description: A SQL injection issue exists in the file /shopping/signup.php due to the manipulation of the emailid argument. This allows for remote attacks, and the exploit has been publicl...

9.8CVSS7.6AI score0.00403EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.13 views

CVE-2025-54679 WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through = 2.0...

7.5CVSS0.00382EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.19 views

CVE-2025-54679

CVE-2025-54679 relates to the Neon Channel Product Customizer Free WordPress plugin (versions

7.5CVSS5.9AI score0.00382EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.6 views

PT-2025-32622 · WordPress · Simple Responsive Slider

Name of the Vulnerable Software and Affected Versions: Simple Responsive Slider versions prior to 2.0 Description: The Simple Responsive Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6.2AI score0.00249EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2025/08/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for iputils (EulerOS-SA-2025-1930)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.5AI score0.01455EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.7 views

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

7.6CVSS5.9AI score0.00467EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.5 views

299Ko 代码问题漏洞

299Ko is a simple, fast and lightweight content management system from 299Ko open source. A code issue vulnerability exists in version 2.0.0 of 299Ko, which stems from the existence of unlimited uploads in the file management component in file/admin/filemanager/view...

5.8CVSS5.1AI score0.0034EPSS
Exploits0References5
Gitee
Gitee
added 2025/07/27 4:4 a.m.101 views

xsser

XSSER ========== Presentation From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Version 2.75 - 2017: Non...

7.3AI score
Exploits0
Rows per page
Query Builder