Lucene search
K

68 matches found

Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.15 views

PT-2026-35373

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.0 through 2.0.27 Apache MINA versions 2.1.0 through 2.1.10 Apache MINA versions 2.2.0 through 2.2.5 Description A flaw in the resolveClass function of AbstractIoBuffer allows a bypass of the classname allowlist for...

9.8CVSS6.2AI score0.0064EPSS
Exploits0References281
RedhatCVE
RedhatCVE
added 2026/01/17 8:19 a.m.13 views

CVE-2025-14375

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS5.6AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 8:15 a.m.6 views

CVE-2025-14375

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS0.00172EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/16 7:32 a.m.7 views

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.10 - Reflected Cross-Site Scripting via className vulnerability

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.10 - Reflected Cross-Site Scripting via className vulnerability discovered by Deadbee - NA in WordPress Plugin WP RSS Aggregator versions = 5.0.10...

6.1CVSS6.4AI score0.00172EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/16 7:23 a.m.29 views

CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 7:23 a.m.3 views

CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/01/16 7:23 a.m.22 views

CVE-2025-14375

CVE-2025-14375 concerns the WordPress plugin “RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging.” Reports consistently describe a Reflected Cross-Site Scripting vulnerability via the className parameter in versions up to and including 5.0.10, arising from insufficient input ...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:23 a.m.5 views

CVE-2025-14375

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28448

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00235EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/24 9:30 p.m.5 views

Prototype Pollution

Overview parse is a library that gives you access to the powerful Parse Server backend from your JavaScript app. Affected versions of this package are vulnerable to Prototype Pollution via the initializeState function. An attacker can cause a denial of service by injecting malicious properties in...

8.8CVSS7.9AI score0.00326EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/12 12:38 a.m.3 views

Malicious code in tailwind-classname-overrides (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 778af8e6403754b5650e5c08f6d16458ed8399f7cb2886350369e04ac242e07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/09/12 12:38 a.m.2 views

Malicious Package

Overview tailwind-classname-overrides is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/09/12 12:38 a.m.2 views

MAL-2025-47104 Malicious code in tailwind-classname-overrides (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 778af8e6403754b5650e5c08f6d16458ed8399f7cb2886350369e04ac242e07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
NVD
NVD
added 2025/08/28 7:15 a.m.4 views

CVE-2025-6255

The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00223EPSS
Exploits0References4
CVE
CVE
added 2025/08/28 6:42 a.m.22 views

CVE-2025-6255

CVE-2025-6255 affects the WordPress plugin Dynamic AJAX Product Filters for WooCommerce . Root cause: insufficient input sanitization and output escaping in the className parameter, enabling Stored Cross‑Site Scripting . Affected versions: all up to and including 1.3.7 . Impact: authenticated att...

6.4CVSS5.6AI score0.00223EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/28 6:42 a.m.1 views

CVE-2025-6255 Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.3 views

PT-2025-34969

Name of the Vulnerable Software and Affected Versions: Dynamic AJAX Product Filters for WooCommerce plugin for WordPress versions prior to 1.3.8 Description: The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting via the className...

6.4CVSS5.1AI score0.00223EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/07/18 5:23 a.m.9 views

CVE-2025-5754 Useful Tab Block – Responsive & AMP-Compatible <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00218EPSS
Exploits0References3
CNVD
CNVD
added 2025/06/27 12:0 a.m.3 views

Pre-School Enrollment System add-class.php File SQL Injection Vulnerability

Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of the classname parameter in the file /admin/add-class.php for externally entered SQL statements. An...

8.8CVSS8.2AI score0.00318EPSS
Exploits1References1
OSV
OSV
added 2025/06/20 9:15 a.m.8 views

CVE-2025-6320

A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. It is possible to launch the attack remotely. The explo...

8.8CVSS5.7AI score0.00318EPSS
Exploits1References5
Rows per page
Query Builder