Lucene search

26 matches found

Patchstack
added 2026/02/02 12:52 p.m. · 7 views

WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Bold Page Builder versions <= 4.8.8...

CVSS 6.4 · AI score 5.3 · EPSS 0.00426
Exploits: 0 · References: 1 · Affected Software: 1

Rapid7 Blog
added 2025/12/29 2:16 p.m. · 14 views

MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data

Overview: On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world's most popular document-oriented databases. While...

CVSS 8.7 · AI score 7 · EPSS 0.83007
Exploits: 39

Patchstack
added 2025/12/12 5:10 a.m. · 6 views

WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jobmonster versions <= 4.8.2...

CVSS 9.8 · AI score 7 · EPSS 0.0037
Exploits: 0 · Affected Software: 1

NVD
added 2025/10/31 7:15 a.m. · 5 views

CVE-2025-5397

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the checklogin function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers...

CVSS 9.8 · EPSS 0.01005
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-27163

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.5 · EPSS 0.00328
Exploits: 0 · References: 3

CNNVD
added 2025/07/20 12:00 a.m. · 4 views

RuoYi Code Injection Vulnerability

RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the parameter configUrl in the file /swagger-ui/index.html...

CVSS 6.1 · AI score 4.7 · EPSS 0.00732
Exploits: 1 · References: 5

CNNVD
added 2025/07/20 12:00 a.m. · 4 views

RuoYi Code Injection Vulnerability

RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions; it stems from an incorrect operation in the function addSave in the file com/ruoyi/web/controller/system/SysNoticeController.java, which leads to...

CVSS 5.4 · AI score 4.7 · EPSS 0.00262
Exploits: 1 · References: 5

CNNVD
added 2025/07/20 12:00 a.m. · 3 views

RuoYi Security Vulnerability

RuoYi is a backend management system for individual developers in RuoYi, China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from the use of default credentials by the Druid component...

CVSS 5.3 · AI score 4.8 · EPSS 0.00422
Exploits: 1 · References: 2

CNNVD
added 2025/01/08 12:00 a.m. · 3 views

SEMCMS Security Vulnerability

SEMCMS is the SEMCMS open source content management system (CMS) for foreign trade websites, with multilingual support. A security vulnerability exists in SEMCMS 4.8 and earlier versions, which stems from an unknown function in the file SEMCMSImages.php that can lead to SQL injection...

CVSS 6.5 · AI score 6.8 · EPSS 0.00488
Exploits: 1 · References: 4

OSV
added 2024/08/12 1:38 p.m. · 7 views

CVE-2024-21878

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: from 4.x up to and including 8.x and is currentl...

CVSS 9.8 · AI score 5.7 · EPSS 0.01433
Exploits: 0 · References: 3

Positive Technologies
added 2024/08/10 12:00 a.m. · 6 views

PT-2024-19110 · Enphase · Enphase Iq Gateway

Name of the Vulnerable Software and Affected Versions: Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x and versions prior to 8.2.4225. Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as 'Command Injection'...

CVSS 8.8 · AI score 7.1 · EPSS 0.02475
Exploits: 0 · References: 6

CNNVD
added 2024/03/29 12:00 a.m. · 6 views

EasyCorp EasyAdmin Cross-Site Scripting Vulnerability

Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting vulnerability exists in EasyCorp EasyAdmin 4.8.9 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in Autocomplete's function Autocomplete ...

CVSS 5.4 · AI score 4.3 · EPSS 0.00539
Exploits: 0 · References: 7

CNNVD
added 2024/03/14 12:00 a.m. · 7 views

Skyhigh Client Proxy Security Vulnerability

Skyhigh Client Proxy is a client proxy from Skyhigh. A security vulnerability exists in Skyhigh Client Proxy 4.8.1 and earlier versions, which stems from a control flow implementation error that allows an attacker to circumvent existing security controls...

CVSS 5.5 · AI score 6.7 · EPSS 0.00179
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/22 12:00 a.m. · 5 views

PT-2023-29948 · Netmodule · Netmodule Router

Name of the Vulnerable Software and Affected Versions: NetModule Router Software versions 4.6 through 4.6.0.105; NetModule Router Software versions 4.8 through 4.8.0.100. Description: The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote...

CVSS 8.4 · AI score 7.8 · EPSS 0.00961
Exploits: 0 · References: 8

OSV
added 2023/10/20 8:15 a.m. · 5 views

CVE-2023-5534

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...

CVSS 5.4 · AI score 6.6 · EPSS 0.00206
Exploits: 0 · References: 2

CNNVD
added 2023/10/12 12:00 a.m. · 5 views

NetApp SnapCenter Security Vulnerability

NetApp SnapCenter is a suite of applications from Network Appliance (NetApp) that provides the ability to back up, authenticate, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter versions 4.8 through 4.9 that originates from allowing authenticated...

CVSS 8.8 · AI score 6.7 · EPSS 0.00189
Exploits: 0 · References: 3

CNNVD
added 2023/05/12 12:00 a.m. · 5 views

NetApp SnapCenter Security Vulnerability

NetApp SnapCenter is a suite of applications from Network Appliance (NetApp) that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter version 4.7 up to and including version 4.7P2 and version 4.8 up to and includin...

CVSS 9.8 · AI score 8.3 · EPSS 0.00957
Exploits: 0 · References: 3

SUSE CVE
added 2023/03/30 1:44 a.m. · 3 views

SUSE CVE-2023-26437

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3...

CVSS 5.3 · AI score 7 · EPSS 0.00593
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 3:56 a.m. · 4 views

SUSE CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...

CVSS 6.5 · AI score 7 · EPSS 0.00413
Exploits: 0 · References: 14

Positive Technologies
added 2023/01/25 12:00 a.m. · 4 views

PT-2023-19071 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to and including 4.8. Description: The issue concerns an out-of-bounds write in the BLE-L2CAP module of Contiki-NG, an open-source operating system for IoT devices. This module handles packet fragmentation up to the...

CVSS 8.2 · AI score 7.5 · EPSS 0.00353
Exploits: 0 · References: 4