Lucene search
K

2405 matches found

NVD
NVD
added 2025/01/15 4:15 p.m.18 views

CVE-2025-22784

Cross-Site Request Forgery CSRF vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through = 1.0.5...

8.6CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/15 3:23 p.m.15 views

CVE-2025-22784 WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery CSRF vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through = 1.0.5...

8.6CVSS0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/15 3:23 p.m.5 views

CVE-2025-22784 WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery CSRF vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through = 1.0.5...

8.6CVSS8.6AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.2 views

WordPress plugin Background Control 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.6CVSS8AI score0.00257EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/13 7:55 p.m.5 views

WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability

CSRF to Arbitrary File Deletion vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Background Control versions = 1.0.5...

8.6CVSS7AI score0.00257EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/01/07 5:15 a.m.6 views

CVE-2024-12327

The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbgsavesettings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.4 views

CVE-2024-12327 LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbgsavesettings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS6.7AI score0.00321EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.15 views

CVE-2024-12327 LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbgsavesettings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS0.00321EPSS
Exploits0References3
CVE
CVE
added 2025/01/07 4:22 a.m.42 views

CVE-2024-12327

CVE-2024-12327 concerns the LazyLoad Background Images WordPress plugin. The vulnerability is a missing capability check in pblzbg_save_settings(), allowing authenticated attackers with Subscriber-level access and above to modify the plugin’s settings. Affected versions are all up to and includin...

4.3CVSS4.4AI score0.00321EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/06 6:2 p.m.4 views

WordPress LazyLoad Background Images plugin <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Update vulnerability discovered by Mika in WordPress Plugin LazyLoad Background Images versions = 1.0.7...

4.3CVSS7AI score0.00321EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.4 views

PT-2025-3813 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 17.5.5 GitLab CE/EE versions 17.6 through 17.6.3 GitLab CE/EE versions 17.7 through 17.7.1 Description: An issue has been discovered in GitLab CE/EE where under certain conditions, processing of CI artifacts...

4.3CVSS6.5AI score0.00358EPSS
Exploits0References15
OSV
OSV
added 2024/12/30 5:15 p.m.4 views

CVE-2024-12754

AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

5.5CVSS6.2AI score0.01165EPSS
Exploits0References1
CVE
CVE
added 2024/12/30 4:51 p.m.139 views

CVE-2024-12754

CVE-2024-12754 affects AnyDesk. The flaw is in how background images are handled; by creating a junction, a local attacker can abuse the service to read arbitrary files and disclose stored credentials. Affected behavior requires low-privilege code execution on the target and results in informatio...

5.5CVSS5.2AI score0.01165EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/12/23 1:10 p.m.80 views

Exploit for Cross-site Scripting in Squidex.Io Squidex

CVE-2023-24278 - Reflected XSS Vulnerabilities in Squidex...

6.1CVSS7.2AI score0.02932EPSS
Exploits2
Cvelist
Cvelist
added 2024/12/20 6:59 a.m.16 views

CVE-2024-11775 Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00331EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/20 12:0 a.m.2 views

WordPress plugin Particle Background 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS7.4AI score0.00331EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.4 views

PT-2024-17249 · WordPress · Particle Background

Name of the Vulnerable Software and Affected Versions: Particle Background plugin for WordPress versions up to, and including, 1.0.2 Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode due to insufficie...

6.4CVSS7.8AI score0.00331EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/12/19 9:28 p.m.3 views

WordPress Particle Background plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Particle Background versions = 1.0.2...

6.4CVSS5.7AI score0.00331EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/12/18 6:15 p.m.4 views

CVE-2024-55089

Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery SSRF in the background import data function because XML documents may contain external entities...

4.1CVSS5.5AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/18 12:0 a.m.16 views

CVE-2024-55089

Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery SSRF in the background import data function because XML documents may contain external entities...

4.1CVSS0.00208EPSS
Exploits0References3
Rows per page
Query Builder