Lucene search
K

328 matches found

Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1565

Name of the Vulnerable Software and Affected Versions Quote Comments plugin for WordPress versions through 3.0.0 Description The Quote Comments plugin for WordPress is susceptible to a missing authorization issue. This flaw stems from the absence of proper authorization checks within the...

5.3CVSS6.4AI score0.00158EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/31 12:31 a.m.5 views

EUVD-2022-55923

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...

6.1CVSS6.1AI score0.00297EPSS
Exploits1References7
OSV
OSV
added 2025/12/30 11:15 p.m.4 views

CVE-2022-50802

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...

5.1CVSS5.9AI score0.00297EPSS
Exploits1References6
NVD
NVD
added 2025/12/30 11:15 p.m.5 views

CVE-2022-50802

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...

6.1CVSS0.00297EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/30 10:42 p.m.2 views

CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...

6.1CVSS6.2AI score0.00297EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/30 10:42 p.m.26 views

CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentiall...

6.1CVSS0.00297EPSS
Exploits1References6
CVE
CVE
added 2025/12/30 10:42 p.m.10 views

CVE-2022-50802

ETAP Safety Manager 1.0.0.32 is affected by an unauthenticated reflected XSS in the 'action' GET parameter. The vulnerability allows injection of HTML/JavaScript to execute in victims’ browsers, potentially leaking credentials or enabling unauthorized actions. The issue is documented across multi...

6.1CVSS6.2AI score0.00297EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.5 views

ETAP Safety Manager 跨站脚本漏洞

ETAP Safety Manager is a centralized monitoring and management system for emergency lighting from ETAP. A cross-site scripting vulnerability exists in ETAP Safety Manager version 1.0.0.32, which stems from a cross-site scripting vulnerability in the action GET parameter that could lead to malicio...

6.1CVSS6AI score0.00297EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.6 views

HaloBot 安全漏洞

HaloBot is a robotics framework by the individual developers at SNRainiar. A security vulnerability exists in HaloBot, which stems from the incorrect manipulation of the parameter action in the file plugins/htmlrenderer/index.js, which could lead to dynamically managed code resources...

6.5CVSS6.5AI score0.00224EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.5 views

CVE-2025-14170

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:31 a.m.5 views

EUVD-2025-203015

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

5.3CVSS5.4AI score0.0019EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.2 views

CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 3:20 a.m.20 views

CVE-2025-14170

CVE-2025-14170 (Vimeo SimpleGallery) : The WordPress plugin Vimeo SimpleGallery is vulnerable to Missing Authorization in all versions up to 0.2 due to missing authorization checks in vimeogallery_admin hooked to admin_menu. This allows authenticated attackers with Subscriber-level access and abo...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

Zytec Central Authentication Service 代码注入漏洞

Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...

6.5CVSS7AI score0.00345EPSS
Exploits0References4
NVD
NVD
added 2025/10/21 5:15 p.m.6 views

CVE-2025-62598

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS0.0022EPSS
Exploits1References2
OSV
OSV
added 2025/10/21 4:34 p.m.7 views

CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS5.8AI score0.0022EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/21 4:34 p.m.8 views

EUVD-2025-35183

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS5.3AI score0.0022EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/21 4:34 p.m.10 views

CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS0.0022EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/21 4:34 p.m.4 views

CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS5.4AI score0.0022EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/19 12:0 a.m.5 views

e107 路径遍历漏洞

e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A path traversal vulnerability exists in...

8.1CVSS5.4AI score0.00834EPSS
Exploits1References5
Rows per page
Query Builder