Lucene search
+L

439 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 6:11 p.m.8 views

CVE-1999-0704

Buffer overflow in Berkeley automounter daemon amd logging facility provided in the Linux am-utils package and others...

9.3CVSS7.3AI score0.0446EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/01 9:35 p.m.8 views

WordPress AM LottiePlayer plugin <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Uploaded Lottie File vulnerability discovered by Avraham Shemesh in WordPress Plugin AM LottiePlayer versions = 3.5.3...

6.4CVSS6.8AI score0.00197EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/05/01 12:15 p.m.18 views

CVE-2025-1529

The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 11:11 a.m.10 views

CVE-2025-1529 AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File

The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 11:11 a.m.23 views

CVE-2025-1529 AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File

The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS0.00197EPSS
Exploits0References2
CVE
CVE
added 2025/05/01 11:11 a.m.66 views

CVE-2025-1529

CVE-2025-1529 : AM LottiePlayer for WordPress is vulnerable to stored XSS via uploaded Lottie files in all versions up to and including 3.5.3. Exploitation requires authenticated access at Author level or higher. Root cause: insufficient input sanitization and output escaping. Affected software: ...

6.4CVSS5.7AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/05 8:21 a.m.4 views

CVE-2025-0990 I Am Gloria <= 1.1.4 - Cross-Site Request Forgery

The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...

4.3CVSS6.7AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2025/03/05 8:21 a.m.66 views

CVE-2025-0990

CVE-2025-0990 I Am Gloria (WordPress) : The Gloria assistant WordPress plugin is vulnerable to Cross‑Site Request Forgery in versions up to and including 1.1.4 due to missing/incorrect nonce validation on the iamgloria23_gloria_settings_page function. This enables unauthenticated attackers to res...

4.3CVSS6.7AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/05 8:21 a.m.17 views

CVE-2025-0990 I Am Gloria <= 1.1.4 - Cross-Site Request Forgery

The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...

4.3CVSS0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.6 views

WordPress plugin I Am Gloria 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.8AI score0.00138EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/04 10:24 p.m.8 views

WordPress I Am Gloria plugin <= 1.1.4 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Keyvan Hardani in WordPress Plugin I Am Gloria versions = 1.1.4...

4.3CVSS7AI score0.00138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/26 4:55 p.m.30 views

CVE-2024-9166 OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver

The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access...

9.3CVSS0.01578EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/09/26 4:55 p.m.26 views

CVE-2024-9166 OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver

The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access...

9.3CVSS7.8AI score0.01578EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.5 views

Atelmo Atemio AM 520 HD Full HD Satellite Receiver 操作系统命令注入漏洞

The Atelmo Atemio AM 520 HD Full HD Satellite Receiver is a satellite receiver from Atelmo, Germany. An operating system command injection vulnerability exists in the Atelmo Atemio AM 520 HD Full HD Satellite Receiver, which stems from improper neutralization of the particular element used...

9.3CVSS7.2AI score0.01578EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.8 views

PT-2024-39466

Name of the Vulnerable Software and Affected Versions Atelmo Atemio AM 520 HD Full HD Satellite Receiver affected versions not specified Description The device allows an unauthorized attacker to execute system commands with elevated privileges. This is facilitated through the use of the getcomman...

9.3CVSS7AI score0.01578EPSS
Exploits2References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/23 10:55 p.m.6 views

Malicious code in expkg-am (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36b7980049911172764372f2e4d93b74e1ff019b9c6f9860be544e91f7f79a28 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

7.5AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/08/07 3:30 p.m.5 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-42005 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-42005 Source advisory: OSV:GHSA-PV4P-CWWG-4RPH...

9.8CVSS6.8AI score0.01227EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/07 3:30 p.m.5 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41991 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41991 Source advisory: OSV:GHSA-R836-HH6V-RG5G...

7.5CVSS6.8AI score0.00946EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/07 3:15 p.m.4 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41991 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41991 Source advisory: OSV:PYSEC-2024-69...

7.5CVSS6.8AI score0.00946EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/07 3:15 p.m.7 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...

7.5CVSS6.7AI score0.01258EPSS
Exploits0
Rows per page
Query Builder