Lucene search
K

6 matches found

NVD
NVD
added 2026/01/08 10:15 a.m.4 views

CVE-2025-67919

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

6.5CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.29 views

CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...

7.1CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.3 views

CVE-2025-67566 WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

5.3CVSS6.6AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

WordPress plugin Woffice Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.5AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2016/06/21 12:0 a.m.3 views

UBUNTU-CVE-2015-8935

The sapiheaderop function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting XSS attacks against Internet Explorer by leveraging ...

6.1CVSS6.7AI score0.02959EPSS
Exploits0References3
OSV
OSV
added 2014/07/09 11:7 a.m.2 views

DEBIAN-CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

6.5CVSS7.7AI score0.16853EPSS
Exploits0References1
Rows per page
Query Builder