Lucene search
K

3862 matches found

CNNVD
CNNVD
added 2025/11/04 12:0 a.m.3 views

MantisBT 安全漏洞

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from an unvalidated comment length...

7.5CVSS6.5AI score0.00343EPSS
Exploits0References4
NVD
NVD
added 2025/11/03 9:19 p.m.3 views

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

6.5CVSS0.00325EPSS
Exploits1References2
OSV
OSV
added 2025/11/03 9:19 p.m.5 views

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

6.5CVSS5.9AI score0.00325EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/02 5:44 a.m.19 views

CVE-2025-11983

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/01 6:30 a.m.3 views

EUVD-2025-37422

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

4.3CVSS5.3AI score0.00245EPSS
Exploits0References6
NVD
NVD
added 2025/11/01 6:15 a.m.9 views

CVE-2025-11983

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

4.3CVSS0.00245EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/01 5:40 a.m.4 views

CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

4.3CVSS0.00245EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/01 5:40 a.m.3 views

CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure

The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...

4.3CVSS5.4AI score0.00245EPSS
Exploits0References5
CVE
CVE
added 2025/11/01 5:40 a.m.9 views

CVE-2025-11983

The WP Discourse WordPress plugin (versions up to and including 2.5.9) exposes Discourse API credentials (Api-Key and Api-Username) by unconditionally sending them to any host specified in a post’s discourse_permalink field during comment synchronization. This information exposure can be exploite...

4.3CVSS5.4AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/01 12:0 a.m.5 views

PT-2025-44710

Name of the Vulnerable Software and Affected Versions WP Discourse plugin for WordPress versions through 2.5.9 Description The WP Discourse plugin for WordPress is susceptible to information disclosure. The plugin unconditionally transmits Discourse API credentials Api-Key and Api-Username header...

4.3CVSS6AI score0.00245EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/30 5:38 p.m.4 views

EUVD-2025-37172

Malicious code in epic-comment-rating npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.4 views

Malicious code in epic-comment-rating-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42e3cd259d5ade70b14b1659d77f4d7271460e40c6329a4c9dd43c8727e251da The package epic-comment-rating-frontend was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.4 views

Malicious code in epic-comment-rating (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b482eaca9889c0f8ac5d950fc6630478102d1ced2132fb08c5ad85366b6954ac The package epic-comment-rating was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.5 views

Malicious code in epic-comment-rating-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e545e5ad95e677ec0468b1254d12e8d5f47eb49cb6261a4ec337fd1c6dee7020 The package epic-comment-rating-service was found to contain malicious code...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/30 5:38 p.m.3 views

EUVD-2025-37170

Malicious code in epic-comment-rating-service npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/30 5:38 p.m.2 views

EUVD-2025-37171

Malicious code in epic-comment-rating-frontend npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/10/30 5:38 p.m.2 views

MAL-2025-49121 Malicious code in epic-comment-rating (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b482eaca9889c0f8ac5d950fc6630478102d1ced2132fb08c5ad85366b6954ac The package epic-comment-rating was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/10/30 5:38 p.m.3 views

MAL-2025-49122 Malicious code in epic-comment-rating-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42e3cd259d5ade70b14b1659d77f4d7271460e40c6329a4c9dd43c8727e251da The package epic-comment-rating-frontend was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/10/30 5:38 p.m.2 views

MAL-2025-49123 Malicious code in epic-comment-rating-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e545e5ad95e677ec0468b1254d12e8d5f47eb49cb6261a4ec337fd1c6dee7020 The package epic-comment-rating-service was found to contain malicious code...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/30 3:32 p.m.4 views

EUVD-2025-37011

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

5.5AI score0.0032EPSS
Exploits1References4
Rows per page
Query Builder