Lucene search
K

29 matches found

CVE
CVE
added 6 days ago15 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References11
CVE
CVE
added 2026/06/22 7:32 p.m.31 views

CVE-2026-10852

CVE-2026-10852 affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty via the WebSphere WebServer Plug-in. The IBM and NVD entries describe a denial-of-service vulnerability triggered by crafted requests to the web server. Affected versions include IBM WebSphere App...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/11 2:34 p.m.37 views

CVE-2026-7870

CVE-2026-7870 affects IBM i 7.3–7.6 (5770-SS1). Root cause: an unqualified library call (CWE-427) could let a user’s code run with administrator privileges, enabling privilege escalation. Impact: allows elevated rights, with CVSSv3.1 base score 8.8 (HIGH) — attack vector: network, complexity: low...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/30 9:45 p.m.23 views

CVE-2026-2311

CVE-2026-2311 affects IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2. The root cause is an invalid authorization check in the IBM i Web Administration GUI, enabling privilege escalation where a malicious actor could cause user‑controlled code to execute with administrator privileges. Impact is high (...

9.8CVSS5.2AI score0.00198EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/30 9:45 p.m.32 views

CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

6.4CVSS0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.4 views

PT-2026-36207

Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description An invalid authorization check in the IBM i Web Administration GUI allows for privilege escalation. This flaw enables a malicious actor to execute user-controlled code with administrator privileges...

9.8CVSS6AI score0.00198EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11945

Cross-Site Request Forgery CSRF vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through = 7.6.6...

5.4CVSS5.8AI score0.00104EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/26 5:27 p.m.5 views

WordPress GamiPress plugin <= 7.6.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by letchupkt in WordPress Plugin GamiPress versions = 7.6.6...

5.4CVSS5.8AI score0.00104EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/30 11:15 a.m.3 views

CVE-2025-68997

Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.43...

5.3CVSS0.00304EPSS
Exploits0References1
OSV
OSV
added 2025/11/30 3:30 a.m.6 views

GHSA-P3P5-XRMV-4J6X trytond does not enforce access rights for the route of the HTML editor.

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

7.1CVSS6.6AI score0.00196EPSS
Exploits1References4
CVE
CVE
added 2025/11/19 7:45 p.m.21 views

CVE-2025-36371

Summary: CVE-2025-36371 affects IBM i versions 7.2–7.6. The vulnerability is an information disclosure in the database plan cache implementation that could allow a user with database plan cache access to see information they are not authorized to view. Affected products/versions: IBM i 7.2, 7.3, ...

6.5CVSS6.1AI score0.00238EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/01 12:0 a.m.5 views

PT-2025-44724

Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description IBM i is susceptible to a privilege escalation issue stemming from an incorrect IBM i SQL services authorization check. An attacker can exploit this to leverage the privileges of another user profile...

8.8CVSS7AI score0.00285EPSS
Exploits0References5
NVD
NVD
added 2025/10/21 8:20 p.m.7 views

CVE-2025-53049

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Administration. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...

8.4CVSS0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.7 views

CVE-2024-48891

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access via...

7CVSS7AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2025/09/23 6:15 p.m.4 views

CVE-2025-1255

Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9...

9.1CVSS5.8AI score0.00345EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.5 views

Fortinet FortiOS Security Fabric 安全漏洞

Fortinet FortiOS Security Fabric is a network security platform from Fortinet, Inc. A security vulnerability exists in Fortinet FortiOS Security Fabric versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all, 7.0 all, and 6.4 all, which stems from an improper assignment of privileges and could...

7.2CVSS6.5AI score0.00571EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.5 views

WordPress Plugin Link Library Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.5CVSS8.1AI score0.00415EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.4 views

SUSE CVE-2022-21326

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.8AI score0.02621EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/23 12:0 a.m.5 views

PT-2021-6624 · Oracle +1 · Mysql Cluster +1

Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 7.4.34 and prior MySQL Cluster versions 7.5.24 and prior MySQL Cluster versions 7.6.20 and prior MySQL Cluster versions 8.0.27 and prior Description: The issue is related to a buffer overflow vulnerability in the MySQL...

10CVSS7.1AI score0.87816EPSS
Exploits22References426
OSV
OSV
added 2021/03/31 6:15 p.m.6 views

CVE-2021-23005

On all 7.x and 6.x versions fixed in 8.0.0, when using a Quorum device for BIG-IQ high availability HA for automatic failover, BIG-IQ does not make use of Transport Layer Security TLS with the Corosync protocol. Note: Software versions which have reached End of Software Development EoSD are not...

9.1CVSS5.8AI score0.00998EPSS
Exploits0References1
Rows per page
Query Builder