Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 6:33 p.m.14 views

CVE-2026-8073

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 2:50 p.m.12 views

CVE-2025-53516

Cisco Talos discloses a pre-auth, reflected XSS in MedDream PACS Premium 7.3.6.870 via the downloadZip.php script, triggered by a crafted URL parameter (seq). Successful exploitation could lead to arbitrary JavaScript execution in the context of the user’s browser. Affected component: Pacs/downlo...

6.1CVSS5.6AI score0.00317EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3594

A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00317EPSS
Exploits1References2
Rows per page
Query Builder