Lucene search
K

421 matches found

Cvelist
Cvelist
added 2025/12/16 8:13 a.m.34 views

CVE-2025-68056 WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection.This issue affects LBG Zoominoutslider: from n/a through = 5.4.4...

8.5CVSS0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.7 views

abp 安全漏洞

abp is an ABP open source web application framework. A security vulnerability exists in abp version 5.1.0 through versions prior to 10.0.0-rc.2, which stems from failure to properly validate the returnUrl parameter, which could result in a redirect to an arbitrary external domain...

5.3CVSS6.5AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/16 12:0 a.m.7 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

6.5AI score0.00239EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/14 5:6 a.m.6 views

WordPress Essential Real Estate plugin <= 5.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Essential Real Estate versions = 5.2.6...

5.4CVSS5.2AI score0.00228EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/10 7:46 a.m.9 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

8.8CVSS6.6AI score0.00566EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/09 6:15 p.m.7 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2CVSS0.11196EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.9 views

Mersive Solstice Pod API 安全漏洞

The Mersive Solstice Pod API is an application programming interface from Mersive USA. A security vulnerability exists in Mersive Solstice Pod API versions 5.5 and 6.2, which originates from an unauthenticated api/config endpoint that exposes sensitive information, potentially leading to session...

7.5CVSS6.5AI score0.00275EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.5 views

CVE-2025-66291

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

5.3CVSS6.5AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.6 views

CVE-2025-66290

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

5.3CVSS6.6AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/29 3:8 a.m.6 views

EUVD-2025-199903

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

5.3CVSS6.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/29 3:5 a.m.7 views

EUVD-2025-199906

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset...

8.7CVSS6.5AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2025/11/29 3:4 a.m.20 views

CVE-2025-66224

OrangeHRM versions 5.0–5.7 contain an input-neutralization flaw in mail configuration and delivery workflow where user-controlled values flow into the sendmail path without sanitization, allowing OS command strings to be constructed and enabling file writes on the server and potential code execut...

9CVSS6.6AI score0.00491EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/11/29 12:0 a.m.7 views

OrangeHRM 授权问题漏洞

OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. An authorization issue vulnerability exists in OrangeHRM versions 5.0 through 5....

5.3CVSS6.2AI score0.00175EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.4 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL versions 5.8.2 and earlier, which stems from improper validation of the TLS 1.3 CertificateVerify...

2.7CVSS6.3AI score0.0015EPSS
Exploits0References4
NVD
NVD
added 2025/11/20 8:16 p.m.8 views

CVE-2025-55123

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...

5.4CVSS0.00388EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/11/08 10:32 a.m.8 views

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.10...

7.2CVSS7.3AI score0.0038EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.6 views

ClipBucket V5 安全漏洞

ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A security vulnerability exists in ClipBucket V5 5.5.2-146 and prior versions, which stems from the Manage Photos feature mishandling the Photo Title parameter, which could lead to a stored cross-site scripting attack...

8.6CVSS5.8AI score0.00282EPSS
Exploits1References4
OSV
OSV
added 2025/11/06 9:15 p.m.7 views

PYSEC-2025-126

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

3.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.7 views

ClipBucket V5 跨站脚本漏洞

ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A cross-site scripting vulnerability exists in ClipBucket v5 versions 5.5.2 through 147, which stems from the Collection tags feature not escaping HTML or JavaScript, and could lead to a stored cross-site scripting...

5.4CVSS5.8AI score0.00204EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/30 2:10 p.m.7 views

EUVD-2025-37010

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

7.8CVSS6.2AI score0.00598EPSS
Exploits0References2
Rows per page
Query Builder