10272 matches found

EUVD
added 2025/12/13 6:30 p.m., 4 views

EUVD-2025-203184

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5 | AI score 6.3 | EPSS 0.00312
Exploits: 0 | References: 4
NVD
added 2025/12/13 4:16 p.m., 3 views

CVE-2025-9207

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can be input and are later output. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.00373
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/13 8:07 a.m., 6 views

CVE-2025-67730

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

CVSS 5.4 | AI score 6.4 | EPSS 0.00144
Exploits: 0 | References: 1
Cvelist
added 2025/12/13 7:21 a.m., 29 views

CVE-2025-9207 TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can be input and are later output. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.00373
Exploits: 0 | References: 4
CVE
added 2025/12/13 7:21 a.m., 29 views

CVE-2025-9207

CVE-2025-9207 affects the TI WooCommerce Wishlist plugin for WordPress. The vulnerability is an HTML injection flaw present in all versions up to and including 2.10.0, caused by accepting values in hidden inputs without proper validation and outputting them without sanitization. This enables unau...

CVSS 5.3 | AI score 6 | EPSS 0.00373
Exploits: 0 | References: 4
Veracode
added 2025/12/13 6:53 a.m., 9 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the /admin/pages/page endpoint, which allows an attacker to inject malicious scripts into page metadata and taxonomy fields that are stored and executed when the page is...

CVSS 6.2 | AI score 5.9 | EPSS 0.00182
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 5:04 a.m., 6 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation in the user name fields (First Name, Middle Name, Last Name), which allows a remote attacker to inject arbitrary web scripts or HTML via...

CVSS 6.1 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 4 | Affected software: 1
Vulnrichment
added 2025/12/13 3:20 a.m., 2 views

CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5 | AI score 6.4 | EPSS 0.00312
Exploits: 0 | References: 3
CVE
added 2025/12/13 3:20 a.m., 16 views

CVE-2025-13089

CVE-2025-13089 (WP Directory Kit): WordPress plugin is vulnerable to unauthenticated SQL Injection via parameters hide_fields and attr_search in all versions up to 1.4.7 due to insufficient escaping and lack of prepared statements. Exploitation could allow an attacker to append SQL to existing q...

CVSS 7.5 | AI score 6.4 | EPSS 0.00312
Exploits: 0 | References: 3
CNNVD
added 2025/12/13 12:00 a.m., 6 views

WordPress plugin TI WooCommerce Wishlist Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An input...

CVSS 5.3 | AI score 6.7 | EPSS 0.00373
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/13 12:00 a.m., 5 views

PT-2025-51043

Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions prior to 1.4.8. Description: The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the hide fields and attr search parameter. Insufficient input sanitization and inadequate SQL query...

CVSS 7.5 | AI score 7.2 | EPSS 0.00312
Exploits: 0 | References: 8
CNNVD
added 2025/12/13 12:00 a.m., 14 views

WordPress plugin WP Directory Kit SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...

CVSS 7.5 | AI score 7.5 | EPSS 0.00312
Exploits: 0 | References: 4
OSV
added 2025/12/12 11:15 p.m., 4 views

UBUNTU-CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

CVSS 5.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 6
Debian CVE
added 2025/12/12 10:24 p.m., 4 views

CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

CVSS 5.3 | AI score 5.4 | EPSS 0.00317
Exploits: 0
RedhatCVE
added 2025/12/12 10:17 p.m., 3 views

CVE-2024-58293

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

CVSS 8.6 | AI score 7.4 | EPSS 0.00298
Exploits: 0 | References: 1
CVE
added 2025/12/12 8:56 p.m., 12 views

CVE-2025-43542

CVE-2025-43542 affects Apple devices via a state-management issue that can cause password fields to be revealed when a device is remotely controlled over FaceTime. Affected products/versions include iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, an...

CVSS 7.5 | AI score 5.8 | EPSS 0.00833
In wild | Exploits: 0 | References: 5 | Affected software: 1
CVE
added 2025/12/12 8:36 p.m., 10 views

CVE-2025-67634

CVE-2025-67634 concerns the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which is affected by cross-site scripting via text fields when a user imports a crafted JSON file. The JavaScript could load into the page and execute in the user’s browser upon submission ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 3 | Affected software: 1
EUVD
added 2025/12/12 8:36 p.m., 5 views

EUVD-2025-203114

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 4.6 | AI score 5.7 | EPSS 0.00159
Exploits: 0 | References: 4
EUVD
added 2025/12/12 7:23 a.m., 3 views

EUVD-2025-203048

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

CVSS 5.1 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/12 7:23 a.m., 4 views

CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

CVSS 5.1 | AI score 6 | EPSS 0.00144
Exploits: 0 | References: 2