537 matches found

CVE
added 2025/11/29 1:57 a.m., 15 views

CVE-2025-66216

AIS-catcher before v0.64 is affected by a heap buffer overflow in AIS::Message that allows writing ~1 KB into a 128-byte buffer. This has been patched in v0.64. Remediation: upgrade to 0.64+ (or apply vendor advisories). Exploitation details are not provided in the supplied documents.

CVSS 9.8, AI score 7, EPSS 0.00443
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2025/11/29 12:00 a.m., 7 views

PT-2025-48359

Name of the Vulnerable Software and Affected Versions: AIS-catcher versions prior to 0.64
Description: AIS-catcher is a multi-platform AIS receiver. A heap buffer overflow exists in the AIS::Message class. This allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer...

CVSS 9.3, AI score 7.4, EPSS 0.00443
Exploits 1, References 9
NVD
added 2025/11/26 8:15 p.m., 7 views

CVE-2025-65670

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

CVSS 4.3, EPSS 0.00242
Exploits 2, References 3
Tenable Nessus
added 2025/11/20 12:00 a.m., 3 views

TencentOS Server 4: cpp-httplib (TSSA-2025:0374)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0374 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.2, EPSS 0.00603
Exploits 1, References 2
CNNVD
added 2025/11/18 12:00 a.m., 1 view

WordPress plugin Top Friends cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation; it can host personal blog sites on PHP and MySQL based servers. The WordPress plugin in question is an application plugin for that platform. A cross-site request forgery...

CVSS 4.3, AI score 6.5, EPSS 0.00106
Exploits 0, References 2
CVE
added 2025/11/18 12:00 a.m., 10 views

CVE-2025-56526

CVE-2025-56526 concerns Kotaemon 0.11.0 and is described as a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary script in the viewer's browser through a crafted PDF rendered by Kotaemon. The published descriptor includes a CVSS 3.1 base score of 6.1 (Medium) with network attack ve...

CVSS 6.1, AI score 6.3, EPSS 0.00352
Exploits 1, References 5, Affected Software 1
RedhatCVE
added 2025/11/12 3:47 a.m., 9 views

CVE-2025-12667

The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 5, EPSS 0.00193
Exploits 0, References 1
EUVD
added 2025/11/11 6:30 a.m., 4 views

EUVD-2025-60921

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4, AI score 4.6, EPSS 0.00161
Exploits 0, References 3
EUVD
added 2025/11/11 6:30 a.m., 3 views

EUVD-2025-60920

The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 4.7, EPSS 0.00193
Exploits 0, References 4
CVE
added 2025/11/11 3:30 a.m., 19 views

CVE-2025-11859

CVE-2025-11859 affects the WordPress plugin Paypal Donation Shortcode (versions

CVSS 6.4, AI score 4.8, EPSS 0.00161
Exploits 0, References 2
CVE
added 2025/11/08 3:27 a.m., 10 views

CVE-2025-12167

CVE-2025-12167 affects the WordPress plugin “Contact Form 7 AWeber Extension” (versions through 0.1.42). The root cause is a missing capability check on the AJAX endpoint named wp_ajax_aweber_logreset, allowing authenticated users with Subscriber-level access and above to modify data by resetting...

CVSS 4.3, AI score 4.7, EPSS 0.00177
Exploits 0, References 2
Vulnrichment
added 2025/11/06 9:46 p.m., 2 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9, AI score 6.3, EPSS 0.00264
Exploits 0, References 2
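The Jellysweep entry above describes the classic server-side request forgery shape: a user-controlled URL handed straight to a downloader. As an added example (not Jellysweep's code; the allowlisted host `posters.example`, the `Resolver` type and the sample addresses are constructed assumptions), the Go guard below shows what should sit between the `/api/images/cache` parameter and the fetch: scheme pinning, rejection of embedded credentials, a host allowlist, and a check that every address the host resolves to is public, so that neither `169.254.169.254` nor an internal name that resolves into RFC 1918 space can be reached.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// allowedPosterHosts is a constructed allowlist of image origins the cache
// endpoint may fetch from. The real project's configuration is not shown on
// the page; the host name here is an assumption for the demo.
var allowedPosterHosts = map[string]bool{
	"posters.example": true,
}

// Resolver abstracts DNS lookup so the check can run offline in tests.
type Resolver func(host string) ([]net.IP, error)

// isDisallowedIP reports whether ip points at something a server-side
// fetcher must never be steered to: loopback, RFC 1918 / ULA, link-local
// (which covers 169.254.169.254 cloud metadata), unspecified or multicast.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// ValidatePosterURL vets a user-supplied URL before it is handed to any
// downloader: scheme must be http(s), no embedded credentials, host must be
// on the allowlist, and every address it resolves to must be public.
// It returns the parsed URL plus the vetted addresses so the caller can dial
// exactly those addresses instead of re-resolving (DNS rebinding defence).
func ValidatePosterURL(raw string, resolve Resolver) (*url.URL, []net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, nil, fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, nil, errors.New("scheme must be http or https")
	}
	if u.User != nil {
		return nil, nil, errors.New("credentials in URL are not allowed")
	}
	host := strings.ToLower(u.Hostname())
	if !allowedPosterHosts[host] {
		return nil, nil, fmt.Errorf("host %q is not an allowed poster origin", host)
	}
	ips, err := resolve(host)
	if err != nil {
		return nil, nil, fmt.Errorf("resolve %q: %w", host, err)
	}
	if len(ips) == 0 {
		return nil, nil, fmt.Errorf("resolve %q: no addresses", host)
	}
	for _, ip := range ips {
		if isDisallowedIP(ip) {
			return nil, nil, fmt.Errorf("host %q resolves to disallowed address %s", host, ip)
		}
	}
	return u, ips, nil
}

func main() {
	// Constructed resolver standing in for net.DefaultResolver.LookupIP.
	fake := func(host string) ([]net.IP, error) {
		return []net.IP{net.ParseIP("203.0.113.10")}, nil
	}
	for _, raw := range []string{
		"https://posters.example/w500/poster.jpg",
		"http://169.254.169.254/latest/meta-data/",
		"file:///etc/passwd",
		"https://user:pw@posters.example/x.jpg",
	} {
		_, _, err := ValidatePosterURL(raw, fake)
		fmt.Printf("%-45s -> %v\n", raw, err)
	}
}
```

The returned addresses matter: if the caller re-resolves the host when it dials, an attacker-controlled DNS name can pass the check with a public address and then answer with a private one. Pin the vetted IP into the HTTP transport's `DialContext`, and treat a redirect from the fetched host as a new URL that must go through the same validation.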
EUVD
added 2025/11/06 3:53 p.m., 3 views

EUVD-2025-38023

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map (slick-google-map) allows Stored XSS. This issue affects Slick Google Map: from n/a through 0.3...

AI score 6.1, EPSS 0.00103
Exploits 0, References 2
CNNVD
added 2025/11/04 12:00 a.m., 3 views

WordPress plugin WP Global Screen Options cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation; it can host personal blog sites on PHP and MySQL based servers. The WordPress plugin in question is an application plugin for that platform. A cross-site request...

CVSS 4.3, AI score 6.5, EPSS 0.00108
Exploits 0, References 2
RedhatCVE
added 2025/10/25 4:29 p.m., 9 views

CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada, a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not...

CVSS 8.7, AI score 6.8, EPSS 0.00607
Exploits 0, References 1
CVE
added 2025/10/24 3:41 p.m., 20 views

CVE-2025-62714

Karmada Dashboard had an API authentication bypass before v0.2.0. The backend endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster data (Secrets and Services) directly, even though the web UI required a JWT. A...

CVSS 8.7, AI score 6.4, EPSS 0.00607
Exploits 0, References 6
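Both Karmada Dashboard entries above describe the same failure: the web UI demanded a JWT, but the backend routes it called did not, so anyone who skipped the UI and hit /api/v1/secret directly got cluster Secrets. The fix shape is to enforce the token check on the API router itself, at the prefix, so no handler can be registered without it. The Go program below is an added example, not Karmada Dashboard's code: the HS256 key, the claims layout, the endpoint bodies and the port are constructed for the demo, and a real service would use its existing JWT library and key material.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// hmacKey is a constructed demo secret; a real deployment loads it from config.
var hmacKey = []byte("demo-only-secret-do-not-use")

type claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MintToken produces a compact HS256 JWT (header.payload.signature).
func MintToken(sub string, ttl time.Duration) string {
	header := b64([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(claims{Sub: sub, Exp: time.Now().Add(ttl).Unix()})
	signingInput := header + "." + b64(body)
	mac := hmac.New(sha256.New, hmacKey)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil))
}

// VerifyToken checks structure, pins the algorithm to HS256 (no "none"
// downgrade), compares the MAC in constant time, and rejects expired tokens.
func VerifyToken(tok string) (*claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, fmt.Errorf("bad header")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("unsupported alg")
	}
	mac := hmac.New(sha256.New, hmacKey)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal([]byte(b64(mac.Sum(nil))), []byte(parts[2])) {
		return nil, fmt.Errorf("bad signature")
	}
	bodyJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("bad payload")
	}
	var c claims
	if err := json.Unmarshal(bodyJSON, &c); err != nil {
		return nil, fmt.Errorf("bad claims")
	}
	if time.Now().Unix() >= c.Exp {
		return nil, fmt.Errorf("expired")
	}
	return &c, nil
}

// RequireAuth rejects any request that lacks a valid bearer token.
func RequireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if _, err := VerifyToken(strings.TrimPrefix(auth, "Bearer ")); err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewAPIMux wires the guard at the /api/ prefix, so every backend endpoint is
// covered regardless of whether the web UI would have sent a token.
func NewAPIMux() http.Handler {
	api := http.NewServeMux()
	api.HandleFunc("/api/v1/secret", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(`{"items":["constructed-secret"]}`)) // constructed body
	})
	api.HandleFunc("/api/v1/service", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(`{"items":["constructed-service"]}`)) // constructed body
	})
	root := http.NewServeMux()
	root.Handle("/api/", RequireAuth(api))
	return root
}

func main() {
	fmt.Println("sample token:", MintToken("admin", time.Hour))
	http.ListenAndServe("127.0.0.1:8080", NewAPIMux())
}
```

The check to run against a deployed dashboard is the same one the test below performs: call a backend route with no Authorization header and expect 401, then with a tampered or expired token and expect 401 again. A 200 from /api/v1/secret without a token is the bug the entry describes.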
RedhatCVE
added 2025/10/23 3:13 p.m., 3 views

CVE-2025-48093

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calvaweb Password only login (password-only-login) allows Reflected XSS. This issue affects Password only login: from n/a through 0.2...

CVSS 7.1, AI score 6.4, EPSS 0.00274
Exploits 0, References 1
CNNVD
added 2025/10/23 12:00 a.m., 5 views

AudioFile security vulnerability

AudioFile is a simple header-only C++ library by the individual developer Adam Stark (UK) for reading and writing audio files. A security vulnerability exists in AudioFile v0.3.7, stemming from a null pointer dereference in the ModuleState::setup function...

CVSS 7.5, AI score 6.5, EPSS 0.0033
Exploits 1, References 1
CVE
added 2025/10/22 2:32 p.m., 7 views

CVE-2025-48093

CVE-2025-48093 affects the WordPress plugin Password only login (password-only-login), vulnerable in versions

CVSS 7.1, AI score 6, EPSS 0.00274
Exploits 0, References 1
Positive Technologies
added 2025/10/22 12:00 a.m., 8 views

PT-2025-43061

Name of the Vulnerable Software and Affected Versions: Ghost Robotics Vision 60 version 0.27.2
Description: The Ghost Robotics Vision 60 APK version 0.27.2 contains exposed encrypted WiFi and SSH credentials. An attacker can connect to the robot's WiFi network and access all its data, as the system...

CVSS 8.8, AI score 6.4, EPSS 0.00239
Exploits 0, References 5