10271 matches found

MongoDB
added 2025/12/19 11:00 a.m., 20 views

Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7 CVSS, 7 AI score, 0.83007 EPSS
Exploits 39, References 1, Affected Software 1
RedhatCVE
added 2025/12/19 7:33 a.m., 2 views

CVE-2025-49379

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...

7.2 CVSS, 7 AI score, 0.0033 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/12/19 12:00 a.m., 3 views

Konica Bizhub Multifunction Printers Cross-site Scripting (CVE-2025-5884)

Cross-site scripting vulnerability (CWE-94, CWE-79) was found in the specific input fields of the Web Connection...

5.4 CVSS, 4.8 AI score, 0.00241 EPSS
Exploits 0, References 3
NVD
added 2025/12/18 8:15 p.m., 3 views

CVE-2022-50681

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1 CVSS, 0.00183 EPSS
Exploits 0, References 2
NVD
added 2025/12/18 8:15 p.m., 6 views

CVE-2022-50684

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

6.1 CVSS, 0.00165 EPSS
Exploits 0, References 2
OSV
added 2025/12/18 8:15 p.m., 3 views

CVE-2022-50684

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

6.1 CVSS, 5.9 AI score, 0.00165 EPSS
Exploits 0, References 2
CVE
added 2025/12/18 7:53 p.m., 8 views

CVE-2022-50684

Summary of CVE-2022-50684 (Kentico Xperience HTML injection): An HTML injection vulnerability affects Kentico Xperience through unencoded form fields used in form submission emails. The underlying issue is lack of proper filtering/escaping of user-supplied data, allowing injected HTML content to b...

6.1 CVSS, 6.8 AI score, 0.00165 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2025/12/18 7:53 p.m., 3 views

CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

6.1 CVSS, 6.8 AI score, 0.00165 EPSS
Exploits 0, References 2
Cvelist
added 2025/12/18 7:53 p.m., 23 views

CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

6.1 CVSS, 0.00165 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/12/18 7:53 p.m., 4 views

CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1 CVSS, 6.2 AI score, 0.00183 EPSS
Exploits 0, References 2
EUVD
added 2025/12/18 9:30 a.m., 6 views

EUVD-2025-204231

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...

7.2 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits 0, References 2
NVD
added 2025/12/18 8:15 a.m., 7 views

CVE-2025-49379

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...

7.2 CVSS, 0.0033 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/12/18 7:21 a.m., 3 views

CVE-2025-49379 WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...

7.2 CVSS, 6.6 AI score, 0.0033 EPSS
Exploits 0, References 1
CVE
added 2025/12/18 7:21 a.m., 7 views

CVE-2025-49379

CVE-2025-49379 affects the WordPress plugin Custom Fields Account Registration For Woocommerce (plugin slug: custom-fields-account-registration-for-woocommerce) with versions n/a through 1.2. The issue is described as Incorrect Privilege Assignment, enabling Privilege Escalation. Connected docume...

7.2 CVSS, 6.6 AI score, 0.0033 EPSS
Exploits 0, References 1
Cvelist
added 2025/12/18 7:21 a.m., 18 views

CVE-2025-49379 WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...

7.2 CVSS, 0.0033 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/18 12:00 a.m., 4 views

PT-2025-52303

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...

6.1 CVSS, 6 AI score, 0.00183 EPSS
Exploits 0, References 5
CNNVD
added 2025/12/18 12:00 a.m., 6 views

WordPress plugin Custom Fields Account Registration For Woocommerce security vulnerability

...

7.2 CVSS, 5.8 AI score, 0.0033 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/18 12:00 a.m., 8 views

PT-2025-52015

Name of the Vulnerable Software and Affected Versions: Custom Fields Account Registration For Woocommerce versions n/a through 1.2. Description: A flaw exists in Custom Fields Account Registration For Woocommerce that allows for privilege escalation due to incorrect privilege assignment. This issue...

7.2 CVSS, 6.7 AI score, 0.0033 EPSS
Exploits 0, References 3
Positive Technologies
added 2025/12/18 12:00 a.m., 4 views

PT-2025-52306

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A flaw exists in Kentico Xperience that permits the injection of malicious HTML into form submission emails. This occurs because form fields are not properly encoded, allowing...

6.1 CVSS, 6.5 AI score, 0.00165 EPSS
Exploits 0, References 5
CNNVD
added 2025/12/17 12:00 a.m., 4 views

Zenphoto cross-site scripting vulnerability

Zenphoto is an open-source content management system. A cross-site scripting vulnerability exists in Zenphoto version 1.6, which stems from improperly sanitized user zip code fields and could lead to a stored cross-site scripting attack...

5.1 CVSS, 6.1 AI score, 0.00272 EPSS
Exploits 1, References 4