Lucene search
K

356 matches found

Cvelist
Cvelist
added 2026/02/18 6:42 p.m.26 views

CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS0.00286EPSS
Exploits0References2
OSV
OSV
added 2026/02/15 4:20 p.m.10 views

MAL-2026-942 Malicious code in ethereum-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f139611e5bee8bd888911afc42c4e762ba55dc37cb142d92fe4203209f917600 The package ethereum-lint was found to contain malicious code. Source: ghsa-malware d4db9b610771f0e6a14c8e5de6545323a4041420731492b2265b31ec14fdaa3b...

5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.3 views

CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

4.4CVSS5.7AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

Weird Solutions BOOTP Turbo 安全漏洞

Weird Solutions BOOTP Turbo is a BOOTP and DHCP server software developed by Weird Solutions Corporation. The Weird Solutions BOOTP Turbo 2.0 version contains a security vulnerability caused by a buffer overflow, which may lead to denial-of-service attacks...

7.5CVSS6AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/05 12:0 a.m.5 views

EUVD-2025-206822

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1CVSS6.1AI score0.0027EPSS
Exploits1References2
NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2026-22398

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through = 2.0...

5.4CVSS0.00229EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/21 9:5 a.m.6 views

WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin Extend Link versions = 2.0.0...

4.9CVSS5.5AI score0.00184EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/01/17 6:42 a.m.29 views

CVE-2025-12984

The CVE-2025-12984 entry pertains to the WordPress plugin Advanced Ads – Ad Manager & AdSense. It describes an SQL Injection in the order parameter affecting all versions up to 2.0.15 due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated Administr...

4.9CVSS6.2AI score0.00325EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/14 1:18 p.m.10 views

WordPress Shipping Rate By Cities plugin <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter vulnerability

Unauthenticated SQL Injection via 'city' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Shipping Rate By Cities versions = 2.0.0...

7.5CVSS8.1AI score0.00278EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/13 6:15 a.m.7 views

CVE-2025-14829

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

9.1CVSS0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Hubert Hub 安全漏洞

Hubert Hub is a digital management platform from Hubert Brazil. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from insecure permissions and could lead to an authenticated, low-privileged attacker requesting access to other user information via a specially crafted...

6.5CVSS5.8AI score0.00306EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.33 views

V-SOL GPON/EPON OLT Platform 输入验证错误漏洞

V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. An input validation error vulnerability exists in V-SOL GPON/EPON OLT Platform version v2.03, which stems from improper validation of the parent parameter input and could lead to an open...

9.8CVSS6.7AI score0.00373EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.10 views

PT-2026-1901

Name of the Vulnerable Software and Affected Versions zozothemes Corpkit versions through 2.0 Description A flaw exists in zozothemes Corpkit that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...

8.1CVSS6.7AI score0.0047EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 4:31 a.m.19 views

CVE-2025-14996

CVE-2025-14996 affects the AS Password Field In Default Registration Form WordPress plugin (

9.8CVSS6.4AI score0.00317EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.3 views

All-Dynamics enlogic:show 安全漏洞

All-Dynamics enlogic:show is a digital signage management system from All-Dynamics, Germany. A security vulnerability exists in All-Dynamics enlogic:show version 2.0.2, which stems from the presence of a session fixation vulnerability that could lead to bypassing authentication and performing...

8.5CVSS6.8AI score0.00318EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/05 1:32 p.m.8 views

EUVD-2023-56885

Cross-Site Request Forgery CSRF vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0...

5.4CVSS8.7AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.9 views

PT-2026-1282

Name of the Vulnerable Software and Affected Versions Automattic WP Job Manager versions through 2.0.0 Description The software contains a Cross-Site Request Forgery CSRF issue. CSRF allows an attacker to perform actions on behalf of an authenticated user without their knowledge. Recommendations...

5.4CVSS6.5AI score0.00109EPSS
Exploits0References3
CVE
CVE
added 2025/12/31 8:2 p.m.28 views

CVE-2025-28973

Summary of CVE-2025-28973: The vulnerability is a Path Traversal flaw in the WordPress plugin “AA-Team Pro Bulk Watermark Plugin for WordPress” (also referred to as Pro Bulk Watermark Plugin for WordPress) affecting versions up to 2.0. The root cause is insufficient sanitization of user-supplied ...

6.5CVSS5.7AI score0.00302EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.6 views

Atom CMS SQL注入漏洞

Atom CMS is an open source content management system from The Digital Craft. An SQL injection vulnerability exists in Atom CMS version 2.0, which stems from an unverified SQL injection in the id parameter of the admin index page, which could lead to a remote attacker manipulating database queries...

9.3CVSS7.8AI score0.00405EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.7 views

CVE-2025-6324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS6.4AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder