Lucene search
+L

25 matches found

OSV
OSV
added 2026/07/01 5:20 p.m.5 views

DRUPAL-CONTRIB-2026-065

The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat. These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting XSS...

6.1CVSS5.6AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-55223

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists where the Canvas module allows Cross-Site...

6.1AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-55222

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists in the Canvas AI submodule where image file...

6.1AI score0.00253EPSS
Exploits0References8
Veracode
Veracode
added 2026/02/23 7:48 p.m.9 views

Server-Side Request Forgery (SSRF)

Parse Server is vulnerable to Server-Side Request ForgerySSRF. The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...

8.3CVSS5.5AI score0.00296EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-15256

Malware in sbrugna...

7.8CVSS7.7AI score0.00457EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28555

Malicious code in bioql PyPI...

9.3CVSS6.4AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.13 views

CVE-2025-54049

Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through = 4.2.2...

9.9CVSS5.9AI score0.0038EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 8:15 a.m.16 views

CVE-2025-54048

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through = 4.2.2...

9.3CVSS0.0039EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 8:2 a.m.23 views

CVE-2025-54048

CVE-2025-54048: WordPress plugin Custom API for WP

9.3CVSS5.9AI score0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:2 a.m.6 views

CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2...

9.3CVSS7.9AI score0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:2 a.m.3 views

CVE-2025-54049 WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2...

9.9CVSS7.2AI score0.0038EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 8:2 a.m.32 views

CVE-2025-54049

CVE-2025-54049 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin Custom API for WP . Affected versions are listed as pre-n/a through 4.2.2 . The vulnerability permits Privilege Escalation within the plugin. Multiple sources (NVD, Red Hat, CVE lists, Patchstack, and...

9.9CVSS5.9AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-34013 · WordPress · Miniorange Custom Api For Wp

Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This allows for SQL injection attacks...

9.3CVSS7.2AI score0.0039EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.6 views

WordPress plugin Custom API for WP SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.3CVSS7.3AI score0.0039EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-34014

Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: An incorrect privilege assignment issue in miniOrange Custom API for WP allows privilege escalation. Recommendations: Update miniOrange Custom API for WP to a version later than...

9.9CVSS5.8AI score0.0038EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.6 views

WordPress plugin Custom API for WP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.9CVSS6.8AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.10 views

WordPress plugin REST API | Custom API Generator For Cross Platform And Import Export In WP 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin REST API | Custom API Generator For Cross Platform And Impo...

9.8CVSS8.2AI score0.00532EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.12 views

Custom API Generator for Cross Platform and Import Export in WP 2.0.3 Privilege Escalation

WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin versions 1.0.0 through 2.0.3 are susceptible to a privilege escalation vulnerability due to a missing capability check on the processhandler...

9.8CVSS8.6AI score0.00532EPSS
Exploits1
OSV
OSV
added 2021/12/14 8:15 p.m.3 views

CVE-2021-43051

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of thos...

6.8CVSS6.7AI score0.00826EPSS
Exploits0References2
Huntr
Huntr
added 2021/09/09 6:40 a.m.9 views

Improper Access Control in agentejo/cockpit

✍️ Description A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints 🕵️‍♂️ Proof of Concept 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...

1.3AI score
Exploits0References1
Rows per page
Query Builder