Lucene search
+L

57 matches found

CNNVD
CNNVD
added 2025/09/08 12:0 a.m.7 views

ELADMIN 授权问题漏洞

ELADMIN is a backend management system for elunez individual developers. An authorization issue vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from an improper authorization issue in the /api/logs/error/1 file...

5.3CVSS4.8AI score0.00263EPSS
Exploits0References5
NVD
NVD
added 2025/09/03 3:15 p.m.17 views

CVE-2025-58606

Missing Authorization vulnerability in cozythemes SaasLauncher saaslauncher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SaasLauncher: from n/a through = 1.3.0...

5CVSS0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.5 views

PT-2025-34999

Name of the Vulnerable Software and Affected Versions: wptableeditor Table Editor versions n/a through 1.6.4 Description: A Cross-Site Request Forgery CSRF issue exists in wptableeditor Table Editor, allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...

4.3CVSS6.2AI score0.00131EPSS
Exploits0References3
NVD
NVD
added 2025/08/27 6:15 p.m.4 views

CVE-2025-58192

Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through = 1.3.6...

5.4CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2025/08/27 3:24 a.m.17 views

CVE-2025-49040

CVE-2025-49040 is a CSRF vulnerability in the WordPress plugin Backup Bolt. Public details indicate it affects versions up to 1.4.1 (initial description), with Patchstack noting vulnerable versions up to 1.5.0. CVSS 3.1 base score 4.3 (Medium) with network attack vector, low attack complexity, no...

4.3CVSS5.9AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2025/08/25 9:15 p.m.18 views

CVE-2025-57805

CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...

8.7CVSS6.4AI score0.003EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/22 4:49 p.m.12 views

Dpanel has an arbitrary file read vulnerability

Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. Details When a user logs into the administrative backend, this interface can read any files on the host/sever given the...

6.1CVSS6.2AI score0.00434EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.11 views

CVE-2025-49408

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7...

10CVSS5.2AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.13 views

CVE-2025-54049

Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through = 4.2.2...

9.9CVSS5.9AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 9:43 p.m.17 views

CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

9.1CVSS0.0047EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34020

Name of the Vulnerable Software and Affected Versions: vcita Online Booking & Scheduling Calendar for WordPress by vcita versions through 4.5.3 Description: The software contains a vulnerability that allows for the upload of files with dangerous types. This enables the use of malicious files...

9.1CVSS6.5AI score0.00407EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/16 7:23 p.m.9 views

CVE-2025-52797

Cross-Site Request Forgery CSRF vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through = 2.1...

8.2CVSS5.9AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 6:21 p.m.25 views

CVE-2025-53587

CVE-2025-53587 – WordPress Findgo Theme CSRF : The Findgo WordPress theme (ApusTheme Findgo) is affected up to version 1.3.57. The vulnerability is a Cross-Site Request Forgery (CSRF) that could allow an attacker to perform actions on behalf of an authenticated user. Public sources in the connect...

8.8CVSS5.9AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/10 2:2 p.m.36 views

CVE-2025-8812 atjiu pybbs Admin Panel settings cross site scripting

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

4.8CVSS0.00324EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-2056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Difficult to exploi...

6.3CVSS5.9AI score0.01722EPSS
Exploits0References2
CVE
CVE
added 2025/05/19 7:10 p.m.31 views

CVE-2025-39403

CVE-2025-39403 is an unauthenticated SQL Injection vulnerability in the WordPress WPAMS (Apartment Management System) plugin, affecting versioned releases up to 44.0 (as of 17-08-2023). The root cause is improper neutralization of special elements in SQL commands, enabling attackers to exploit th...

8.5CVSS7.3AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:16 p.m.16 views

CVE-2025-47648

Cross-Site Request Forgery CSRF vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through = 2.6...

7.1CVSS0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/30 12:36 p.m.19 views

CVE-2025-31434

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.19...

6.5CVSS7.2AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.8 views

PT-2024-31181 · Tenda · Tenda Ax1806

Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: The issue is a stack overflow that occurs through the adv.iptv.stbpvid parameter in the setIptvInfo function. This allows for potential exploitation. No information is provided about the estimated...

9.8CVSS7.4AI score0.0063EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2024/08/18 3:15 p.m.6 views

CVE-2024-43307

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2...

6.5CVSS5.2AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder