Lucene search
K

18 matches found

NVD
NVD
added 2026/04/23 12:16 a.m.20 views

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...

4.8CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:59 p.m.3 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/26 7:23 p.m.25 views

CVE-2026-1565 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUFAdminSettings::checkfiletypeandext' function and in the...

8.8CVSS0.00545EPSS
Exploits0References6
NVD
NVD
added 2026/02/16 7:17 a.m.9 views

CVE-2026-2538

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...

7.3CVSS0.00157EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/11 8:35 a.m.14 views

WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability

WordPress Custom Block Builder - Lazy Blocks plugin = 4.2.0 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by Youssef Elouaer - ISET ZAGHOUAN in WordPress Plugin Lazy Blocks versions = 4.2.0...

8.8CVSS5.7AI score0.09093EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 3:11 p.m.5 views

CVE-2025-63060

Cross-Site Request Forgery CSRF vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through 4.25.0...

4.3CVSS5.9AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.6 views

WordPress plugin CSV to SortTable 跨站脚本漏洞

WordPress CSV to SortTable plugin is WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

6.4CVSS5.8AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/06 3:54 p.m.11 views

CVE-2025-60187 WordPress Atarim plugin <= 4.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through = 4.2.1...

4.8CVSS0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.4 views

Kissflow Work Platform 安全漏洞

Kissflow Work Platform is a low-code process automation platform from Kissflow, Inc. in the United States. A security vulnerability exists in Kissflow Work Platform versions v2.0 through v4.2, which originates from the injection of a specially crafted payload and could lead to a stored cross-site...

8.8CVSS6.2AI score0.00317EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/07/10 6:33 a.m.5 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-39614 via django (>=4.2.0 <=4.2.13)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-39614 Source advisory: OSV:GHSA-F6F8-9MX6-9MX2...

7.5CVSS6.6AI score0.28637EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.7 views

PT-2024-24707 · WordPress · Extendwp Import Content

Name of the Vulnerable Software and Affected Versions: extendWP Import Content in WordPress & WooCommerce with Excel versions n/a through 4.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...

7.1CVSS6.4AI score0.00338EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/20 12:0 a.m.8 views

CVE-2022-31248

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...

5.3CVSS6.8AI score0.00961EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.4 views

WordPress plugin PDF24 Articles To PDF 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress PDF24 Articles To PDF plugin 4.2.2 and earlier versions have a cross-site request forgery...

6.5CVSS5.5AI score0.00513EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/11/11 12:0 a.m.8 views

Connext Dds 多款产品缓冲区错误漏洞

Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...

9.8CVSS8.4AI score0.01424EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/07/20 12:0 a.m.10 views

PT-2021-3940 · Adobe · Character Animator

Name of the Vulnerable Software and Affected Versions: Adobe Character Animator versions 4.2 and earlier Description: The issue is caused by a memory corruption vulnerability when parsing a specially crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the...

9.3CVSS8.1AI score0.02265EPSS
Exploits0References6
OSV
OSV
added 2020/01/24 6:15 p.m.7 views

CVE-2020-6965

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability...

9.9CVSS7.4AI score0.0113EPSS
Exploits0References2
CNVD
CNVD
added 2018/08/28 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Admin Tools Information Disclosure Vulnerability

SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analysis, data visualization, etc. Admin Tools is one of the management tools. An information disclosure vulnerability exis...

7.5CVSS7.1AI score0.01744EPSS
Exploits0References1
OSV
OSV
added 2014/12/08 11:59 a.m.2 views

DEBIAN-CVE-2014-9218

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...

5CVSS8.9AI score0.11055EPSS
Exploits4References1
Rows per page
Query Builder