7 matches found

EUVD
added 2025/10/03 8:7 p.m. (5 views)

EUVD-2025-15120

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 7.3 | EPSS 0.00197
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 7:50 a.m. (5 views)

CVE-2024-11420

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS 6.4 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/11 9:48 a.m. (7 views)

CVE-2024-56181

A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC IPC PX-32A All versions V29.01.07, SIMATIC I...

CVSS 8.4 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1

CVE
added 2025/02/27 11:22 p.m. (98 views)

CVE-2024-12811

CVE-2024-12811 affects the Traveler WordPress theme (versions up to 3.1.8). It describes an authenticated Local File Inclusion via the hotel_alone_slider shortcode's style attribute, enabling an attacker with contributor+ permissions to include arbitrary server files and execute PHP code....

CVSS 8.8 | AI score 7.8 | EPSS 0.00697
Exploits: 0 | References: 2

Packet Storm
added 2025/02/13 12:0 a.m. (624 views)

Wattsense Bridge 6.x Remote Root / Information Disclosure

Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...

CVSS 9.8 | AI score 7.3 | EPSS 0.00663
Exploits: 1

NVD
added 2025/01/17 7:15 a.m. (14 views)

CVE-2024-12508

The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofoxleadcapture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | EPSS 0.00265
Exploits: 0 | References: 2

Vulnrichment
added 2023/06/09 5:33 a.m. (15 views)

CVE-2023-1889 Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 | AI score 6.9 | EPSS 0.00609
Exploits: 2 | References: 3