6047 matches found

RedhatCVE
added 2025/02/05 5:22 a.m. · 9 views

CVE-2024-1711

The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 9.8 · AI score 7.5 · EPSS 0.0073
Exploits 0 · References 1
VulnCheck KEV
added 2025/02/04 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2018-19410

Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges including administrator...

CVSS 9.8 · AI score 5.8 · EPSS 0.8646
Exploits 0 · References 1
OSV
added 2025/02/03 8:15 p.m. · 3 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
NVD
added 2025/02/03 8:15 p.m. · 10 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

CVSS 9.8 · EPSS 0.00518
Exploits 1 · References 1
RedHat Linux
added 2025/02/03 12:9 a.m. · 3 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS 5.5 · AI score 5.7 · EPSS 0.00298
Exploits 0 · References 7
Vulnrichment
added 2025/02/03 12:0 a.m. · 9 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

AI score 9.6 · EPSS 0.00518
Exploits 1 · References 1
Positive Technologies
added 2025/02/03 12:0 a.m. · 6 views

PT-2025-3447 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions 1.5.0 and earlier. Description: The issue allows for File Upload via the Create template function. Recommendations: For ChestnutCMS versions 1.5.0 and earlier, update to a version that fixes this issue. At the moment, ther...

CVSS 9.8 · AI score 6.9 · EPSS 0.00518
Exploits 1 · References 4
CNNVD
added 2025/02/03 12:0 a.m. · 4 views

ChestnutCMS Security Vulnerability

ChestnutCMS is an enterprise-level content management system with separated front end and back end, developed by individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and prior versions, which stems from file upload via the Create Template feature...

CVSS 9.8 · AI score 6.7 · EPSS 0.00518
Exploits 1 · References 1
CVE
added 2025/02/01 3:21 a.m. · 50 views

CVE-2024-12171

CVE-2024-12171 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability is a privilege-escalation flaw caused by a missing capability check on the eh_crm_agent_add_user AJAX action, affecting all versions up to and including 3.2.6. This allows authen...

CVSS 8.8 · AI score 8.6 · EPSS 0.00483
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/01/31 12:15 p.m. · 1 view

UBUNTU-CVE-2025-21675

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create. Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_destroy_definers always try to destroy all lag...

CVSS 5.5 · AI score 6.2 · EPSS 0.00199
Exploits 0 · References 17
NVD
added 2025/01/24 6:15 p.m. · 16 views

CVE-2025-24638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS. This issue affects Create with Code: from n/a through <= 1.4...

CVSS 6.5 · EPSS 0.00334
Exploits 0 · References 1
Vulnrichment
added 2025/01/24 5:24 p.m. · 12 views

CVE-2025-24638 WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4...

CVSS 6.5 · AI score 7.1 · EPSS 0.00334
Exploits 0 · References 1
CVE
added 2025/01/24 5:24 p.m. · 50 views

CVE-2025-24638

CVE-2025-24638 is a DOM-Based XSS in the WordPress plugin Create with Code, affecting versions n/a through 1.4. It results from improper input neutralization during web page generation. Public sources (NVD, Red Hat, Wordfence) classify it as Cross-Site Scripting, with Wordfence noting a patch/Pat...

CVSS 6.5 · AI score 7.2 · EPSS 0.00334
Exploits 0 · References 1
Patchstack
added 2025/01/24 11:47 a.m. · 5 views

WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Create with Code versions <= 1.4...

CVSS 6.5 · AI score 6.2 · EPSS 0.00334
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/01/24 12:0 a.m. · 4 views

PT-2025-5465 · Unknown · Create With Code

Name of the Vulnerable Software and Affected Versions: Create with Code versions n/a through 1.4. Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This enables potential attackers to inject malicious scripts into the...

CVSS 6.5 · AI score 7 · EPSS 0.00334
Exploits 0 · References 3
CNNVD
added 2025/01/24 12:0 a.m. · 5 views

WordPress plugin Create with Code Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 · AI score 7.9 · EPSS 0.00334
Exploits 0 · References 2
PyPA
added 2025/01/23 1:15 a.m. · 8 views

PYSEC-2025-131

lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_surface_create...

CVSS 7.5 · AI score 5.7 · EPSS 0.0044
Exploits 1 · References 2 · Affected Software 1
OSV
added 2025/01/23 1:15 a.m. · 4 views

PYSEC-2025-131

lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_surface_create...

CVSS 7.5 · AI score 5.7 · EPSS 0.0044
Exploits 1 · References 2
Snyk
added 2025/01/23 12:45 a.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the plutovg_surface_create component. An attacker can cause a denial of service by creating a surface with an excessively large size. Details: Denial of Service (DoS) describes a family of attacks, all aimed at maki...

CVSS 8.7 · AI score 7 · EPSS 0.0044
Exploits 1 · References 2