
14 matches found

NVD
added 2026/02/13 10:16 p.m. | 6 views

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVSS 8.8 | EPSS 0.00316
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/06 11:14 p.m. | 5 views

CVE-2020-37135

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVSS 9.3 | AI score 5.4 | EPSS 0.00428
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/11/25 6:15 p.m. | 3 views

CVE-2025-64062

The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

CVSS 8.8 | EPSS 0.00255
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/20 3:41 p.m. | 3 views

CVE-2025-10678 Admin with default credentials in NetBird VPN

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3 | AI score 6.7 | EPSS 0.0038
Exploits: 0 | References: 2

OSV
added 2025/02/18 5:15 a.m. | 3 views

CVE-2024-13852

The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 3

OSV
added 2024/06/06 2:15 a.m. | 9 views

CVE-2024-5324

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 8.8 | AI score 5.8 | EPSS 0.01507
Exploits: 0 | References: 3

0day.today
added 2022/06/27 12:0 a.m. | 683 views

Library Management System With QR Code 1.0 SQL Injection Vulnerability

Title: Library Management System with QR code Attendance 1.0 SQL Injection Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...

AI score 1
Exploits: 0

Packet Storm
added 2021/03/23 12:0 a.m. | 299 views

WordPress GiveWP 2.9.7 Cross Site Scripting

Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Date: 3/23/2021 Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit...

AI score 6.3 | EPSS 0.0137
Exploits: 4

Veracode
added 2019/05/02 5:51 a.m. | 22 views

Cross-Site Scripting (XSS)

archiva-repository-admin-default is vulnerable to cross-site scripting. A remote authenticated attacker who has administrative access to modify the central configurations, is able to inject arbitrary Javascript into a victim's browser via the central configuration entries such as the logo URL...

CVSS 6.5 | AI score 6 | EPSS 0.04933
Exploits: 1 | References: 10 | Affected Software: 1

CNVD
added 2019/02/19 12:0 a.m. | 2 views

PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2019-35826)

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in the admin/default.php file in PHPMyWind v5.5, which can be exploited by a remote attacker to inject arbitrary Web script or HTML with the help of HTTP...

CVSS 4.8 | AI score 6.1 | EPSS 0.00583
Exploits: 1 | References: 1

OSV
added 2019/02/18 12:29 a.m. | 1 view

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...

CVSS 4.8 | AI score 5.8 | EPSS 0.00583
Exploits: 1 | References: 1

OSV
added 2018/09/20 8:29 p.m. | 5 views

CVE-2018-16752

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases...

CVSS 8.8 | AI score 5.8 | EPSS 0.42657
Exploits: 2 | References: 2

myhack58
added 2011/04/27 12:0 a.m. | 12 views

Km tourism site management system 3. 0 many of the mentally vulnerability and fix-vulnerability warning-the black bar safety net

by:Mr. DzY Km tourism site management system is the latest development of a tourism industry website management system, effective to help you build the tourism electronic Commerce website. The system contains the article release module, hotel module, ticket module, vacation module, module, image...

AI score 6.8
Exploits: 0

securityvulns
added 2006/09/04 12:0 a.m. | 37 views

The Amazing Little Poll Admin Pwd

SOFTWARE ========= The Amazing Little Poll DESCRIPTION ============ google dork = "The Amazing Little Poll" and go to admin page /lpadmin.php default password dsapoll input to login admin or add to last path /lpsettings.inc and take administrator passwd $pwd="dsapoll"; ; create a new pol...

AI score 7.2
Exploits: 0