Lucene search
K

30 matches found

OSV
OSV
added 3 days ago5 views

OESA-2026-2836 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57642

Contributor SQL Injection in Gallery = 4.7.8 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-34886

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 1:26 a.m.10 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003439 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

7.5CVSS6.6AI score0.03763EPSS
Exploits4References12
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Team Rosters plugin <= 4.7 - Reflected Cross-Site Scripting via 'tab' vulnerability

Reflected Cross-Site Scripting via 'tab' vulnerability discovered by vgo0 in WordPress Plugin Team Rosters versions = 4.7...

6.1CVSS5.4AI score0.00317EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.8 views

xunruicms 代码问题漏洞

xunruicms is a website builder framework for XunRuiCMS individual developers. A code issue vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter v in the file admin79f2ec220c7e.php, which could lead to server-side request forgery...

7.2CVSS5AI score0.00359EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.4 views

CVE-2025-54737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...

7.1CVSS6.4AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

WordPress plugin Jobmonster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.1CVSS6AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.5 views

Mist 代码注入漏洞

Mist is the official command line interface to the makedeb package repository, a makedeb open source. A code injection vulnerability exists in Mist Community Edition 4.7.1 and earlier versions, which originates from a cross-site scripting attack in the parameter returnto in the file...

5.4CVSS4.8AI score0.0031EPSS
Exploits1References8
Patchstack
Patchstack
added 2025/05/07 12:0 a.m.5 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...

7.5CVSS7AI score0.00353EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/19 2:6 a.m.3 views

WordPress FoodBakery plugin <= 4.7 - Missing Authorization in Multiple Functions vulnerability

Missing Authorization in Multiple Functions vulnerability discovered by Lucio Sá in WordPress Plugin FoodBakery versions = 4.7...

8.8CVSS8.9AI score0.00381EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.6 views

PT-2025-1813 · WordPress · Team Rosters

Name of the Vulnerable Software and Affected Versions: Team Rosters plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS8.7AI score0.00317EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.4 views

WordPress plugin YML for Yandex Market 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.1AI score0.00398EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.4 views

PT-2024-27393 · Unknown · Sp Project & Document Manager

Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager versions n/a through 4.71 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal attacks...

7.5CVSS7AI score0.00574EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.6 views

WordPress Plugin Tagembed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS6AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.4 views

PT-2024-12035 · Unknown · All In One Favicon

Name of the Vulnerable Software and Affected Versions: All In One Favicon versions through 4.7 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This allows an attacker to access files or directories...

6.8CVSS7AI score0.00777EPSS
Exploits0References3
OSV
OSV
added 2023/10/09 11:15 a.m.7 views

CVE-2023-44993

Cross-Site Request Forgery CSRF vulnerability in QuantumCloud AI ChatBot plugin = 4.7.8 versions...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/06/19 7:46 p.m.17 views

4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1222 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts (>=4.7.0 <=4.9.1)

@openzeppelin/contracts NPM version =4.7.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-34459 Source advisory: OSV:GHSA-WPRV-93R4-JJ2P...

5.9CVSS6.2AI score0.00371EPSS
Exploits0
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.6 views

NetApp SnapCenter 安全漏洞

NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter version 4.7 up to and including version 4.7P2 and version 4.8 up to and includin...

9.8CVSS8.3AI score0.00957EPSS
Exploits0References3
Rows per page
Query Builder