Lucene search
+L

14 matches found

OSV
OSV
added 2026/07/06 10:58 p.m.4 views

CVE-2026-53646 FOSSBilling: Client password reset token reuse allows persistent account takeover

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS6AI score0.00215EPSS
Exploits1References3
NVD
NVD
added 2025/12/20 4:16 a.m.7 views

CVE-2025-14168

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...

4.3CVSS0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/20 3:20 a.m.24 views

CVE-2025-14168 WP DB Booster <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...

4.3CVSS0.00126EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/19 9:58 p.m.7 views

WordPress WP DB Booster plugin <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup vulnerability

Cross-Site Request Forgery to Database Cleanup vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP DB Booster versions = 1.0.1...

4.3CVSS6.7AI score0.00126EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:45 a.m.11 views

WordPress WP Fastest Cache plugin <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability

Missing Authorization to Authenticated Subscriber+ DB Cleanup Actions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Fastest Cache versions = 1.4.0...

4.3CVSS7AI score0.00191EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:12 p.m.7 views

CVE-2022-42310

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is...

5.5CVSS6.7AI score0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/04/18 6:15 p.m.2 views

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

6.1CVSS6.2AI score0.00253EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/29 12:0 a.m.41 views

EulerOS Virtualization 2.11.1 : bind (EulerOS-SA-2024-1712)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses...

7.5CVSS6.9AI score0.99995EPSS
Exploits1References7
Virtuozzo
Virtuozzo
added 2024/04/11 12:0 a.m.27 views

Virtuozzo Hybrid Infrastructure 6.1 Hotfix 1 (6.1.0-247)

In this release, Virtuozzo Hybrid Infrastructure enables selective updates of specific Kubernetes node groups, as well as provides stability and performance improvements. Vulnerability id: VSTOR-83526 Cannot filter backup plans by using the "Disabled" status. Vulnerability id: VSTOR-83662 Added...

7.3AI score
Exploits0
UbuntuCve
UbuntuCve
added 2024/02/13 12:0 a.m.51 views

CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

7.5CVSS7AI score0.01097EPSS
Exploits0References3
modx
modx
added 2016/12/07 6:56 a.m.500 views

Evolution 1.1 and Prior Remote Execution

Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.1 Vulnerability Type: Remote Code Execution Report Date: 2016-November-08 Fixed Date: 2016-November-12 Description The following components distributed with all versions of MODX Evolution and 0.9.x contain a vulnerability, th...

7.7AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2014/07/09 8:49 a.m.7 views

cumin: DoS via displayed link names containing non-ASCII characters

It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database such as via Cumin or Wallaby, requests to load said data would terminate and the requested pa...

5CVSS5.7AI score0.01791EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/09 8:49 a.m.5 views

cumin: DoS via displayed link names containing non-ASCII characters

It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database such as via Cumin or Wallaby, requests to load said data would terminate and the requested pa...

5CVSS5.7AI score0.01791EPSS
Exploits0References4
0day.today
0day.today
added 2009/06/23 12:0 a.m.22 views

Zen Cart 1.3.8 Remote SQL Execution Exploit

Exploit for unknown platform in category web applications =========================================== Zen Cart 1.3.8 Remote SQL Execution Exploit =========================================== !/usr/bin/python ------- Zen Cart 1.3.8 Remote SQL Execution http://www.zen-cart.com/ Zen Cart Ecommerce -...

7.1AI score
Exploits0
Rows per page
Query Builder