Lucene search
K

283 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:17 a.m.6 views

CVE-2015-9506

The Easy Digital Downloads EDD Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.8 views

CVE-2015-9527

The Easy Digital Downloads EDD Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.7 views

CVE-2015-9526

The Easy Digital Downloads EDD Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 a.m.8 views

CVE-2015-9525

The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:53 a.m.5 views

CVE-2015-9512

The Easy Digital Downloads EDD CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.4 views

WordPress plugin Digital License Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS8AI score0.00308EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/03/24 9:26 p.m.3 views

WordPress Digital License Manager plugin <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function vulnerability

Reflected Cross-Site Scripting via removequeryarg Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Digital License Manager versions = 1.7.3...

6.1CVSS6.4AI score0.00308EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/27 2:15 a.m.3 views

UBUNTU-CVE-2024-58000

In the Linux kernel, the following vulnerability has been resolved: iouring: prevent reg-wait speculations With ENTEREXTARGREG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the offset, offset ...

5.5CVSS5.8AI score0.00177EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/02/20 12:0 a.m.5 views

The vulnerability of the ets_class_from_arg() function in the net/sched/sch_ets.c module of the net/sched subsystem of the Linux operating system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the etsclassfromarg function in the net/sched/schets.c module of the net/sched subsystem of the Linux operating system lies in the handling of buffer overflow attacks. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6.6CVSS7.2AI score0.00596EPSS
Exploits1References26Affected Software6
OSV
OSV
added 2025/02/18 6:0 p.m.2 views

UBUNTU-CVE-2024-45775

A flaw was found in grub2 where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parseoption function, leading...

5.2CVSS5.7AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.4 views

PT-2025-6506 · WordPress · S2Member

Name of the Vulnerable Software and Affected Versions: s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress versions up to, and including, 241114 Description: The issue is related to Reflected Cross-Site Scripting due t...

6.1CVSS8.7AI score0.00397EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/02/17 12:0 a.m.6 views

PT-2025-7663 · Net Snmp · Net-Snmp

Name of the Vulnerable Software and Affected Versions: netsnmp affected versions not specified Description: The issue is related to a heap-use-after-free error. Technical details about the error include the netsnmp hex to binary function, snmpv3 parse arg function, and netsnmp parse args function...

6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/08 12:0 a.m.5 views

PT-2025-6016 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread versions up to 5.1.0 Description: A problematic vulnerability was found in RT-Thread. The issue affects the sys thread create function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument arg0 leads t...

4.8CVSS4.3AI score0.00289EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-2250 · WordPress · Stageshow

Name of the Vulnerable Software and Affected Versions: StageShow plugin for WordPress versions prior to 9.8.7 Description: The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the URL. This allows...

6.1CVSS8.8AI score0.00337EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.5 views

PT-2025-4014 · Joeybling · Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A vulnerability has been found in the qrCode function of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the text argument...

6.9CVSS4.8AI score0.00369EPSS
Exploits0References8
OSV
OSV
added 2025/01/22 8:15 a.m.3 views

CVE-2024-13319

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS7.4AI score0.0028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.4 views

PT-2025-1638 · WordPress · Cluevo Lms

Name of the Vulnerable Software and Affected Versions: CLUEVO LMS, E-Learning Platform plugin for WordPress versions up to, and including, 1.13.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping o...

6.1CVSS6.8AI score0.00471EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.4 views

PT-2025-3712 · WordPress · Enable Accessibility

Name of the Vulnerable Software and Affected Versions: Enable Accessibility plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from the use of add query arg and remove query arg without proper escaping on the URL, allowing unauthenticated attackers to inject...

6.1CVSS6.7AI score0.00285EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.4 views

WordPress plugin GDY Modular Content 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin GDY Modula...

6.1CVSS6.8AI score0.00434EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.6 views

PT-2024-17428 · WordPress · Analytics Cat

Name of the Vulnerable Software and Affected Versions: Analytics Cat – Google Analytics Made Easy plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL...

6.1CVSS6.9AI score0.00291EPSS
Exploits0References6
Rows per page
Query Builder