18 matches found

CNNVD
added 2026/03/04 12:00 a.m. • 8 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to Craft CMS 4.17.0-beta.1 and 5.9.0-beta.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation during the creation of entries, allowing large amounts of values t...

CVSS 7.1 | AI score 5.8 | EPSS 0.00326
Exploits: 1 | References: 4
Snyk
added 2026/03/03 9:00 p.m. • 7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the authorId parameter during the entry creation. An attacker can assign authorship of new entries to...

CVSS 7.1 | AI score 5.9 | EPSS 0.00326
Exploits: 1 | References: 3
Vulnrichment
added 2026/02/18 5:29 a.m. • 2 views

CVE-2026-2023 WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

CVSS 4.3 | AI score 5.4 | EPSS 0.00156
Exploits: 0 | References: 5
Patchstack
added 2026/02/17 11:52 p.m. • 6 views

WordPress WP Plugin Info Card plugin <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability

Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability discovered by Duong Quang Hao in WordPress Plugin WP Plugin Info Card versions <= 6.2.0...

CVSS 4.3 | AI score 5.5 | EPSS 0.00156
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/10/28 2:36 p.m. • 4 views

CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...

CVSS 5.1 | EPSS 0.00479
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. • 3 views

EUVD-2017-15070

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00449
Exploits: 0 | References: 2
Circl
added 2025/07/22 6:56 p.m. • 18 views

CVE-2025-51482

creationtimestamp | type | source
---|---|---
2025-07-22 18:56:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lul6nbngu227
2025-08-01 03:00:09+00:00 | published-proof-of-concept | Telegram/y7-RpDrmSuXhLcSTuW0R9s09Quezx-GrdrSmzgmffhhoeQ
2025-10-26 21:02:29+00:00 | seen | ...

CVSS 8.8 | AI score 5.7 | EPSS 0.01862
Exploits: 1 | References: 6
Vulnrichment
added 2025/07/04 1:37 p.m. • 5 views

CVE-2025-38232 NFSD: fix race between nfsd registration and exports_proc

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry at start of init_nfsd and cleanup by remove_proc_entry at last of exit_nfsd. Which causes kernel OOPs if there is race between below...

AI score 5.3 | EPSS 0.0013
Exploits: 0 | References: 6
SUSE CVE
added 2025/04/05 2:24 a.m. • 2 views

SUSE CVE-2025-21999

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

CVSS 7 | AI score 6.1 | EPSS 0.0018
Exploits: 0 | References: 81
NVD
added 2025/03/20 10:15 a.m. • 4 views

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

CVSS 9.1 | EPSS 0.00593
Exploits: 1 | References: 1
Circl
added 2024/12/05 3:21 p.m. • 5 views

CVE-2024-54129

creationtimestamp | type | source
---|---|---
2024-12-05 15:21:46+00:00 | seen | https://infosec.exchange/users/cve/statuses/113600895756889464
2024-12-05 17:52:10+00:00 | seen | https://t.me/cvedetector/12112...

CVSS 9.2 | AI score 4.8 | EPSS 0.00422
Exploits: 0 | References: 2
CVE
added 2022/09/16 8:22 p.m. • 57 views

CVE-2022-29489

CVE-2022-29489 describes a CSRF vulnerability in the WordPress Sucuri Security plugin (versions

CVSS 4.3 | AI score 4.6 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1
Circl
added 2022/03/16 1:20 a.m. • 12 views

CVE-2022-26210

creationtimestamp | type | source
---|---|---
2022-03-16 01:20:01+00:00 | seen | https://t.me/cibsecurity/38990
2022-04-02 18:51:58+00:00 | seen | https://t.me/NeKaspersky/2069
2022-04-04 16:37:00+00:00 | seen | https://t.me/truesecator/2804
2025-04-23 09:42:57+00:00 | seen | ...

CVSS 9.8 | AI score 7.5 | EPSS 0.05748
Exploits: 1 | References: 3
WPVulnDB
added 2021/09/28 12:00 a.m. • 20 views

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed. PoC Add an Entry /wp-admin/admin.php?page=connectionsadd and put the following payload in the Address Li...

CVSS 4.8 | AI score 2.1 | EPSS 0.00705
Exploits: 2 | Affected Software: 1
CNVD
added 2021/07/09 12:00 a.m. • 14 views

ProjectWorlds College Management System Cross-Site Request Forgery Vulnerability

ProjectWorlds College Management System is a college management system. ProjectWorlds College Management System is vulnerable to cross-site request forgery, which can be exploited by attackers to modify, delete student, faculty, teacher, subject, grade, location, and article data or create new...

CVSS 6.5 | AI score 3.2 | EPSS 0.00781
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:00 a.m. • 12 views

aoblogger 2.3 create.php Unauthenticated Entry Creation

No description provided by source. source: http://www.securityfocus.com/bid/16286/info AOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...

AI score 7.1
Exploits: 0
Circl
added 2010/04/18 12:00 a.m. • 6 views

CVE-2010-1498

creationtimestamp | type | source
---|---|---
2010-04-18 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/12280...

CVSS 7.5 | AI score 5.8 | EPSS 0.02166
Exploits: 1 | References: 1
securityvulns
added 2006/01/19 12:00 a.m. • 46 views

[eVuln] aoblogger Multiple Vulnerabilities

New eVuln Advisory: aoblogger Multiple Vulnerabilities http://evuln.com/vulns/37/summary/bt/ --------------------Summary---------------- Software: aoblogger Software's Web Site: http://mikeheltonisawesome.com/ Versions: 2.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote...

AI score 0.7
Exploits: 0