Lucene search
K

889 matches found

RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.16 views

CVE-2025-13311

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.7 views

PT-2025-47606

Name of the Vulnerable Software and Affected Versions Snipe-IT version 8.3.4 build 20218 Description The software contains a reflected cross-site scripting XSS issue within the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress message value that is...

6.1CVSS5.7AI score0.00215EPSS
Exploits2References10
Cvelist
Cvelist
added 2025/11/11 7:31 a.m.9 views

CVE-2025-9055

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.8 views

CVE-2025-12631 Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/10 12:0 a.m.9 views

CVE-2025-63711

A Cross-Site Request Forgery CSRF vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...

0.00178EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.12 views

CVE-2025-12520

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, wit...

4CVSS4.8AI score0.00213EPSS
Exploits0References1
OSV
OSV
added 2025/11/05 3:15 p.m.4 views

CVE-2025-3125

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...

7.2CVSS8.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.6 views

PT-2025-45018

Name of the Vulnerable Software and Affected Versions Radiometrics VizAir affected versions not specified Description Radiometrics VizAir lacks authentication mechanisms for critical functions, including admin access and API requests. This allows attackers to modify configurations without...

10CVSS6.6AI score0.0071EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/01 9:30 a.m.10 views

EUVD-2025-37425

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

4.9CVSS5.4AI score0.00431EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/11/01 4:27 a.m.3 views

CVE-2025-11927 Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS4.6AI score0.0022EPSS
Exploits0References5
NVD
NVD
added 2025/10/29 10:15 a.m.9 views

CVE-2015-10147

The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS0.0027EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/10/27 12:46 a.m.263 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

Pluck CMS 4.7.13 File Upload RCE Exploit !Exploit Bannerht...

7.2CVSS9AI score0.33428EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/10/22 1:12 a.m.8 views

CVE-2025-7850

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

9.3CVSS7.8AI score0.02171EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 1:15 a.m.4 views

CVE-2025-7850

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

7.2CVSS5.7AI score0.02171EPSS
Exploits0References5
NVD
NVD
added 2025/10/21 1:15 a.m.10 views

CVE-2025-7850

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

9.3CVSS0.02171EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/21 12:28 a.m.4 views

EUVD-2025-35116

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

9.3CVSS7.3AI score0.02171EPSS
Exploits0References5
CVE
CVE
added 2025/10/17 5:23 p.m.17 views

CVE-2025-62424

CVE-2025-62424 concerns ClipBucket, a web-based video-sharing platform. A path traversal flaw exists in the /admin_area/template_editor.php endpoint for ClipBucket versions 5.5.2 - #146 and earlier, caused by inadequate validation of the file-loading path. This allows authenticated administrators...

6.7CVSS6AI score0.00858EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/16 9:50 a.m.18 views

CVE-2025-62376

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

9.5CVSS6.9AI score0.00573EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/10/09 8:53 p.m.11 views

CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin autentication

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

8.7CVSS0.00328EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/09 8:53 p.m.5 views

CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin autentication

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

8.7CVSS6.3AI score0.00328EPSS
Exploits0References3
Rows per page
Query Builder