12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-37702

Malicious code in bioql PyPI...

7.1 CVSS · 8.5 AI score · 0.00449 EPSS
Exploits 0 · References 2

Veracode
added 2025/09/22 7:54 a.m. · 11 views

Server-Side Template Injection

solspace/craft-freeform is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input handling: the submission title field in forms allows arbitrary code injection when edited by users with form editing access...

9.8 CVSS · 8 AI score · 0.00574 EPSS
Exploits 1 · References 4 · Affected Software 1

CVE
added 2025/08/27 12:0 a.m. · 25 views

CVE-2025-52122

Summary: CVE-2025-52122 affects the Freeform CraftCMS plugin. Vulnerable versions: Freeform 5.0.0 up to (but not including) 5.10.16. Root cause: Server-side template injection (SSTI) in Freeform allows arbitrary code execution. Impact: All users with access to editing a form submission title ...

9.8 CVSS · 7.9 AI score · 0.00574 EPSS
Exploits 1 · References 2 · Affected Software 1

RedhatCVE
added 2025/02/05 1:4 a.m. · 6 views

CVE-2024-28865

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...

7.5 CVSS · 6.8 AI score · 0.00605 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/01/27 12:0 a.m. · 9 views

CVE-2024-57548

CMSimple 5.16 allows the user to edit log.php file via print page...

9.2 AI score · 0.00451 EPSS
Exploits 1 · References 2

OSV
added 2024/11/26 12:15 p.m. · 3 views

CVE-2024-38833

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...

5.4 CVSS · 5.7 AI score
Exploits 0 · References 1

OSV
added 2024/11/26 12:15 p.m. · 4 views

CVE-2024-38832

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...

6.4 CVSS · 7.5 AI score · 0.00449 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/11/26 12:0 a.m. · 4 views

PT-2024-8794 · Vmware · Vmware Aria Operations

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations, affected versions not specified. Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to views may be able to inject malicious...

7.5 CVSS · 7.8 AI score · 0.00449 EPSS
Exploits 0 · References 9

Positive Technologies
added 2024/11/26 12:0 a.m. · 5 views

PT-2024-8792 · Vmware · Vmware Aria Operations

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations, affected versions not specified. Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. This vulnerability can be exploited by a malicious actor with editing access to...

6.5 CVSS · 6.2 AI score · 0.0032 EPSS
Exploits 0 · References 6

Positive Technologies
added 2022/12/13 12:0 a.m. · 7 views

PT-2022-26232 · WordPress · Image Hover Effects Ultimate

Name of the Vulnerable Software and Affected Versions: Image Hover Effects Ultimate plugin for WordPress, versions 9.8.1 through 9.8.4. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in several values that can be added to ...

5.5 CVSS · 5.2 AI score · 0.00526 EPSS
Exploits 0 · References 7

WPVulnDB
added 2021/03/17 12:0 a.m. · 19 views

WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts

By default, the plugin allows subscriber-level users to edit and make changes to any and all posts and pages; user roles must be specifically blocked from editing posts and pages. A subscriber, upon registering an account with a site with the WP Pagebuilder plugin, could immediately modify or delete...

4 CVSS · 3.1 AI score · 0.00689 EPSS
Exploits 2 · References 2 · Affected Software 1

Tenable Nessus
added 2012/06/04 12:0 a.m. · 16 views

Fedora 17 : moodle-2.2.3-1.fc17 (2012-8284)

CVE-2012-2353 MSA-12-0024: Hidden information access issue; CVE-2012-2354 MSA-12-0025: Personal communication access issue; CVE-2012-2355 MSA-12-0026: Quiz capability issue; CVE-2012-2356 MSA-12-0027: Question bank capability issues; CVE-2012-2357 MSA-12-0028: Insecure authentication issue...

6.5 CVSS · 5.4 AI score · 0.0169 EPSS
Exploits 0 · References 1