
537 matches found

Positive Technologies
added 2025/01/16 12:0 a.m. · 6 views

PT-2025-5046 · Unknown · Raymonddesign Post & Page Notes

Name of the Vulnerable Software and Affected Versions: RaymondDesign Post & Page Notes versions 0.1.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 9.1 · EPSS 0.0018
Exploits: 0 · References: 4
CNNVD
added 2025/01/07 12:0 a.m. · 3 views

WordPress plugin Urdu Formatter – Shamil cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.5 · AI score 7.8 · EPSS 0.00338
Exploits: 0 · References: 2
OSV
added 2024/12/27 8:15 p.m. · 4 views

CVE-2024-39025

Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data...

CVSS 7.5 · AI score 7 · EPSS 0.00392
Exploits: 0 · References: 2
CNNVD
added 2024/12/13 12:0 a.m. · 2 views

Playloom Engine information disclosure vulnerability

Playloom Engine is an open source, high-performance game development engine from Quetro Personal Developers. It is designed to help developers create immersive 2D and 3D games. An information disclosure vulnerability exists in Playloom Engine version v0.0.1. The vulnerability stems from the...

CVSS 8.7 · AI score 6.4 · EPSS 0.00378
Exploits: 0 · References: 1
CNNVD
added 2024/12/09 12:0 a.m. · 5 views

RAGFlow security vulnerability

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.13.0, which stems from improper access control of document-hooks.ts and allows unauthorized access to user documents...

CVSS 7.5 · AI score 6.6 · EPSS 0.00521
Exploits: 1 · References: 2
CNNVD
added 2024/12/04 12:0 a.m. · 3 views

KMQTT security vulnerability

KMQTT is a Kotlin multi-platform MQTT 3.1.1/5.0 client and proxy from the individual developer Davide Pianca. A security vulnerability exists in KMQTT version v0.4.8 that stems from allowing an attacker to cause a denial of service via a crafted request...

CVSS 7.5 · AI score 6.5 · EPSS 0.00413
Exploits: 0 · References: 2
CNNVD
added 2024/11/19 12:0 a.m. · 3 views

WordPress plugin Amazon Associate Filter cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 7.1 · AI score 6.5 · EPSS 0.00206
Exploits: 0 · References: 1
OSV
added 2024/11/15 10:15 a.m. · 3 views

CVE-2024-10311

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edbaadminhandle' function. This makes it possible for authenticated attackers, with subscriber-level permissions...

CVSS 8.8 · AI score 5.8 · EPSS 0.00433
Exploits: 0 · References: 2
CNNVD
added 2024/11/15 12:0 a.m. · 3 views

WordPress plugin External Database Based Actions security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...

CVSS 8.8 · AI score 8.4 · EPSS 0.00433
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/14 12:0 a.m. · 7 views

PT-2024-35215 · Labs64 · Digipass

Name of the Vulnerable Software and Affected Versions: DigiPass versions 0.3.0 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows Absolute Path Traversal in Labs64 DigiPass. Recommendations:...

CVSS 7.5 · AI score 9.3 · EPSS 0.0055
Exploits: 0 · References: 4
CNNVD
added 2024/10/30 12:0 a.m. · 2 views

WordPress plugin Widget or Sidebar Shortcode cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVSS 6.4 · AI score 5.8 · EPSS 0.00346
Exploits: 0 · References: 3
Patchstack
added 2024/10/29 8:28 p.m. · 9 views

WordPress Widget or Sidebar Shortcode plugin <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Widget or Sidebar Shortcode versions <= 0.6.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00346
Exploits: 0 · References: 1 · Affected Software: 1
PyPA
added 2024/10/28 2:15 p.m. · 10 views

PYSEC-2024-299

Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block...

CVSS 7.5 · AI score 5.8 · EPSS 0.00426
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2024/10/22 12:0 a.m. · 3 views

FreeCoAP security vulnerability

FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a private developer. A security vulnerability exists in FreeCoAP version 0.7, which stems from a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a...

CVSS 9.8 · AI score 8 · EPSS 0.01137
Exploits: 1 · References: 3
OSV
added 2024/09/18 2:15 p.m. · 3 views

CVE-2024-31197

Improper Null Termination vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of10::Port:unpack. This issue affects libfluid: 0.1.0...

CVSS 7.5 · AI score 5.8 · EPSS 0.00328
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/18 12:0 a.m. · 4 views

PT-2024-20172

Name of the Vulnerable Software and Affected Versions: libfluid version 0.1.0. Description: The issue is related to an Unchecked Return Value to NULL Pointer Dereference vulnerability in the Open Networking Foundation (ONF) libfluid, specifically in the libfluid msg module. This vulnerability is...

CVSS 7.5 · AI score 6.4 · EPSS 0.00546
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/18 12:0 a.m. · 3 views

PT-2024-23827 · Open Networking Foundation · Libfluid

Name of the Vulnerable Software and Affected Versions: libfluid version 0.1.0. Description: The issue is related to an Unchecked Return Value to NULL Pointer Dereference vulnerability in the libfluid msg module of the Open Networking Foundation (ONF) libfluid. This vulnerability is associated with t...

CVSS 7.5 · AI score 6.8 · EPSS 0.00443
Exploits: 0 · References: 4
Patchstack
added 2024/09/17 10:5 a.m. · 5 views

WordPress Posts reminder plugin <= 0.20 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Posts reminder versions <= 0.20...

CVSS 6.5 · AI score 7 · EPSS 0.00178
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2024/08/15 6:40 p.m. · 18 views

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

CVSS 6.5 · AI score 6.9 · EPSS 0.00236
Exploits: 0 · References: 4
CNNVD
added 2024/07/31 12:0 a.m. · 4 views

filestash security vulnerability

filestash is a Dropbox-like file manager by the individual developer Mickael. A security vulnerability exists in filestash v0.4, which stems from a TLS certificate validation being skipped when using the FTPS protocol. An attacker can perform a man-in-the-middle attack via the Init function of...

CVSS 7.5 · AI score 6.5 · EPSS 0.00241
Exploits: 0 · References: 2