9293 matches found

OSV
added 2025/06/11 12:15 p.m. · 3 views

CVE-2025-5986

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...

6.5 CVSS · 6.6 AI score
Exploits: 0 · References: 4
Cvelist
added 2025/06/11 12:7 p.m. · 11 views

CVE-2025-5986 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...

0.00466 EPSS
Exploits: 0 · References: 3
NVD
added 2025/06/11 7:15 a.m. · 13 views

CVE-2025-5395

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8 CVSS · 0.00643 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/06/11 6:39 a.m. · 4 views

CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8 CVSS · 7.9 AI score · 0.00643 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/06/11 6:39 a.m. · 19 views

CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8 CVSS · 0.00643 EPSS
Exploits: 0 · References: 2
Fedora
added 2025/06/11 2:46 a.m. · 5 views

[SECURITY] Fedora 42 Update: qt6-qtvirtualkeyboard-6.9.1-1.fc42

The Qt Virtual Keyboard project provides an input framework and reference keyboard frontend for Qt 6. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...

8.4 CVSS · 7.3 AI score · 0.00309 EPSS
Exploits: 0
CNNVD
added 2025/06/11 12:0 a.m. · 1 views

WordPress plugin WordPress Automatic Plugin code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

8.8 CVSS · 8.2 AI score · 0.00643 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/11 12:0 a.m. · 4 views

PT-2025-25182 · WordPress · WordPress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions up to 3.115.0 Description: The WordPress Automatic Plugin is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file. This allows authenticated attackers with...

8.8 CVSS · 8.6 AI score · 0.00643 EPSS
Exploits: 0 · References: 8
CNNVD
added 2025/06/11 12:0 a.m. · 2 views

Mozilla Thunderbird security vulnerability

Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation in the United States that is separate from the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla...

6.5 CVSS · 7 AI score · 0.00466 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2025/06/08 12:0 a.m. · 8 views

Fedora 43 : rust-git-interactive-rebase-tool (2025-3b4c75f23c)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3b4c75f23c advisory. Automatic update for rust-git-interactive-rebase-tool-2.4.1-9.fc43. Changelog Sun Jun 8 2025 Benjamin Gilbert - 2.4.1-9 - Rebuild for CVE-2024-12224...

8.8 CVSS · 6.5 AI score · 0.00465 EPSS
Exploits: 1 · References: 3
Tenable Nessus
added 2025/06/06 12:0 a.m. · 4 views

Fedora 43 : krb5 (2025-1c915db8a5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-1c915db8a5 advisory. Automatic update for krb5-1.21.3-6.fc43. Changelog Wed Jun 4 2025 Julien Rische - 1.21.3-6 - Do not block HMAC-MD4/5 in FIPS mode Resolves: rhbz2370259 -...

5.9 CVSS · 6.9 AI score · 0.00276 EPSS
Exploits: 0 · References: 2
Microsoft Secure
added 2025/06/02 5:0 p.m. · 13 views

Discover how automatic attack disruption protects critical assets while ensuring business continuity

Traditional security solutions often operate in a one-size-fits-all alert model that treats every detection equally, regardless of how important the asset is. But not all assets are equal. Critical assets are systems governing access, identity, or sensitive data. They are essential to an...

7 AI score
Exploits: 0
Tenable Nessus
added 2025/05/29 12:0 a.m. · 12 views

Amazon Linux 2 : thunderbird (ALAS-2025-2859)

The version of thunderbird installed on the remote host is prior to 128.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2859 advisory. Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From...

8.1 CVSS · 6.8 AI score · 0.00363 EPSS
Exploits: 0 · References: 8
BDU FSTEC
added 2025/05/28 12:0 a.m. · 4 views

The vulnerability in the software for automatic checking of updates for the Microsoft Edge Update browser lies in the improper handling of symbolic links before accessing the file. This allows a malicious actor to elevate their privileges to a system level.

The vulnerability in the software for automatic checking of updates for the Microsoft Edge Update browser is related to an incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability could allow a malicious individual to elevate their privileges to a system lev...

8.8 CVSS · 5.4 AI score · 0.00491 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OpenVAS
added 2025/05/26 12:0 a.m. · 2 views

Fedora: Security Advisory (FEDORA-2024-6ac71752a4)

The remote host is missing an update for the...

7.5 CVSS · 7.7 AI score · 0.02298 EPSS
Exploits: 1 · References: 3
OpenVAS
added 2025/05/26 12:0 a.m. · 3 views

Fedora: Security Advisory (FEDORA-2024-b58afe0982)

The remote host is missing an update for the...

8.7 CVSS · 7.8 AI score · 0.01275 EPSS
Exploits: 0 · References: 3
OpenVAS
added 2025/05/26 12:0 a.m. · 5 views

Fedora: Security Advisory (FEDORA-2025-e4c104502d)

The remote host is missing an update for the...

6.3 CVSS · 4.5 AI score · 0.01499 EPSS
Exploits: 0 · References: 3
OpenVAS
added 2025/05/26 12:0 a.m. · 5 views

Fedora: Security Advisory (FEDORA-2024-e253f0b07c)

The remote host is missing an update for the...

5.4 CVSS · 6 AI score · 0.0029 EPSS
Exploits: 0 · References: 3
OpenVAS
added 2025/05/26 12:0 a.m. · 4 views

Fedora: Security Advisory (FEDORA-2024-22a01aab2f)

The remote host is missing an update for the...

8.8 CVSS · 9.1 AI score · 0.01939 EPSS
Exploits: 0 · References: 3
OpenVAS
added 2025/05/26 12:0 a.m. · 4 views

Fedora: Security Advisory (FEDORA-2024-d1d07e01e8)

The remote host is missing an update for the...

7.5 CVSS · 6.9 AI score · 0.01034 EPSS
Exploits: 0 · References: 4