Lucene search
K

30 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-15292

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00243EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 1:16 p.m.13 views

CVE-2025-64152

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

9.1CVSS0.00382EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:52 p.m.7 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/11 3:32 p.m.43 views

CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS0.01041EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.9 views

SUSE CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

8.1CVSS5.7AI score0.00715EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/04/27 12:0 a.m.8 views

ai.intelliswarm:swarmai-core (>=1.0.0 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.0 <=1.0.28) +12 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =4.2.3, =0.0.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...

8.6CVSS5.4AI score0.00394EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/18 7:30 p.m.5 views

CVE-2025-36243

IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/13 1:8 a.m.7 views

WordPress Solutions Ad Manager plugin <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability

Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin Solutions Ad Manager versions = 1.0.0...

4.7CVSS6.8AI score0.00257EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/18 2:0 p.m.5 views

CVE-2025-27909 IBM Concert Software cross-origin resource sharing

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing CORS which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains...

5.4CVSS7.4AI score0.00198EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/07/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-5287

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.9AI score0.02101EPSS
In wildExploits4References76
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.6 views

PT-2024-36108 · WordPress · Wprealizer Unlock Addons For Elementor

Name of the Vulnerable Software and Affected Versions: WPRealizer Unlock Addons for Elementor versions 1.0.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows DOM-Based XSS. This is a...

6.5CVSS6.6AI score0.00299EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/11/17 12:30 p.m.6 views

cn.tenmg:flink-connector-sqlserver-cdc-log (=1.0.0), com.ascentstream.pulsar:pulsar-io-debezium-mssql (>=2.10.6.9 <=2.10.7.4-SNAPSHOT-35e64fa) +28 more potentially affected by CVE-2023-1419 via io.debezium:debezium-connector-sqlserver (>=1.0.0.Final <=2.2.1.Final)

io.debezium:debezium-connector-sqlserver MAVEN version =1.0.0.Final, =2.10.6.9, =2.2.0, =0.1.0, =0.4.1, =2.9.0-candidate-4, =0.1.0, =1.0.0, =1.0.0, =1.0.0-CR2, =3.1.0, =3.1.0, =3.1.0, =3.6.0-2.2 and more Source cves: CVE-2023-1419 S...

5.9CVSS6.2AI score0.0038EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.13 views

PT-2024-33469 · WordPress · Wp Rest Api Fns

Name of the Vulnerable Software and Affected Versions: WP REST API FNS versions 1.0.0 and earlier Description: There is an Authentication Bypass Using an Alternate Path or Channel issue in WP REST API FNS, allowing users to bypass authentication. This lets users gain unauthorized access...

9.8CVSS7.1AI score0.01461EPSS
Exploits2References16
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.11 views

WordPress SafetyForms Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software SafetyForms Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-49615 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 8ae3175dd1dc Credits João Pedro S Alcântara Kinorth Requir...

8.8CVSS8.9AI score0.00215EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.8 views

PT-2024-39845 · Zowe · Zowe

Name of the Vulnerable Software and Affected Versions: Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 Description: The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. Recommendations: For...

9CVSS7AI score0.00228EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.7 views

PT-2024-37503 · Unknown · Lahirudanushka School Management System

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1 Description: A critical issue was found in the lahirudanushka School Management System, affecting the Parent Page component, specifically the file parent.php. The manipulati...

8.8CVSS5.6AI score0.00585EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/06/23 12:0 a.m.6 views

School-Management-System SQL Injection Vulnerability

School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System version 1.0.0 and 1.0.1, which stems from a parameter email in the file login.php that can lead to SQL injection...

9.8CVSS7.9AI score0.00574EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/06/03 12:0 a.m.5 views

PT-2024-14124 · Unknown · Universal Passport Rx

Name of the Vulnerable Software and Affected Versions: UNIVERSAL PASSPORT RX versions 1.0.0 through 1.0.8 Description: A cross-site scripting issue exists, which may allow a remote authenticated attacker with administrative privileges to execute an arbitrary script on the user's web browser...

5.9CVSS6.6AI score0.00247EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.7 views

PT-2024-31553

Name of the Vulnerable Software and Affected Versions Business Card WordPress plugin versions 1.0.0 and earlier Description The issue concerns a lack of CSRF checks in certain areas, allowing attackers to potentially make logged-in users perform unwanted actions, such as editing card categories v...

6.3CVSS5.9AI score0.00209EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.12 views

PT-2024-22731 · Tablesome · Tablesome

Name of the Vulnerable Software and Affected Versions: Table & Contact Form 7 Database – Tablesome versions 1.0.0 through 1.0.27 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS, which c...

7.1CVSS9.3AI score0.00419EPSS
Exploits0References6
Rows per page
Query Builder