CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/04/01 2:51 p.m.•3 views

CVE-2025-31810 WordPress Question Answer Plugin <= 1.2.70 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70...

5.3CVSS7.1AI score0.00453EPSS

Cvelist•added 2025/04/01 2:51 p.m.•10 views

CVE-2025-31810 WordPress Question Answer plugin <= 1.2.73 - Broken Access Control vulnerability

5.3CVSS0.00453EPSS

Snyk•added 2025/04/01 9:30 a.m.•1 views

Private Data Structure Returned From A Public Method

Overview Affected versions of this package are vulnerable to Private Data Structure Returned From A Public Method. When a user accesses an externally referenced image, the provider of the image may obtain private information about the IP address of that accessing user. Remediation Upgrade...

OSV•added 2025/04/01 9:30 a.m.•9 views

GHSA-WQCC-MFHW-53PC Apache Answer User Using External Images Potentially Discloses User Information

Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of th...

Github Security Blog•added 2025/04/01 9:30 a.m.•11 views

Exploits0References7

Apache Answer User Using External Images Potentially Discloses User Information

Exploits0References7Affected Software1

OSV•added 2025/04/01 8:15 a.m.•7 views

CVE-2025-29868

6.5CVSS6.3AI score

Exploits0References4

NVD•added 2025/04/01 8:15 a.m.•10 views

CVE-2025-29868

6.5CVSS0.0155EPSS

Exploits0References4

Vulnrichment•added 2025/04/01 7:56 a.m.•10 views

CVE-2025-29868 Apache Answer: Using externally referenced images can leak user privacy.

6.7AI score0.0155EPSS

CVE•added 2025/04/01 7:56 a.m.•77 views

CVE-2025-29868

CVE-2025-29868 affects Apache Answer up to version 1.4.2. A public method returns a private data structure, enabling potential disclosure of a user’s IP address when external images are accessed. The issue is mitigated in version 1.4.5, which adds a configurable setting to control whether externa...

Exploits0References4Affected Software1

Cvelist•added 2025/04/01 7:56 a.m.•14 views

CVE-2025-29868 Apache Answer: Using externally referenced images can leak user privacy.

0.0155EPSS

CNNVD•added 2025/04/01 12:0 a.m.•1 views

WordPress plugin Question Answer 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS6AI score0.00453EPSS

CNNVD•added 2025/04/01 12:0 a.m.•2 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache USA Foundation. An information disclosure vulnerability exists in Apache Answer 1.4.2 and earlier versions, which stems from a public method returning a private data structure, and can be exploited by an attacker to cause IP address disclosure...

6.5CVSS6.2AI score0.0155EPSS

Positive Technologies•added 2025/04/01 12:0 a.m.•2 views

PT-2025-14192 · Pickplugins · Pickplugins Question Answer

Name of the Vulnerable Software and Affected Versions: PickPlugins Question Answer versions 1.2.70 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.2.70 an...

5.3CVSS9.3AI score0.00453EPSS

Exploits0References3

RedhatCVE•added 2025/02/14 11:45 a.m.•6 views

CVE-2024-29217

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

4.6CVSS6AI score0.0038EPSS

RedhatCVE•added 2025/02/14 11:3 a.m.•7 views

CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

9.1CVSS6.6AI score0.26731EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 10:47 a.m.•4 views

CVE-2024-26578

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

5.9CVSS6.8AI score0.0029EPSS

Github Security Blog•added 2025/01/14 7:41 p.m.•11 views

Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

5.8CVSS6.7AI score0.0018EPSS

Exploits0References3Affected Software2

Snyk•added 2025/01/14 7:41 p.m.•1 views

Improper Input Validation

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer fields. An attacker can bypass client-side validations and submi...

6.9CVSS6.9AI score0.0018EPSS