Lucene search
K

25 matches found

OSV
OSV
added 2026/06/26 9:1 p.m.6 views

GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction

internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...

6.9CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51646

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.1 Description In S3-backed deployments, the system fails to perform authorization checks before generating temporary URLs for signature image retrieval. Authenticated users who possess a signature filename can...

5.3CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-24971

Malicious code in bioql PyPI...

4CVSS4AI score0.00764EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.16 views

CVE-2022-1686

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...

4CVSS7AI score0.00764EPSS
Exploits2References1
CheckPoint Security
CheckPoint Security
added 2022/11/13 12:0 a.m.16 views

VPN SNX portal may be vulnerable to brute-force attack on passwords

Cause The VPN SNX portal in the IPsec VPN Software Blade does not implement any protection against brute-force attack on usernames/passwords. Symptoms - The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for...

7.5CVSS7.2AI score0.00591EPSS
Exploits0
CNVD
CNVD
added 2022/06/13 12:0 a.m.23 views

WordPress Five Minute Webshop plugin SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Five Minute Webshop plugin 1.3.2 and previous versions are vulnerable to SQL injection, which...

4CVSS1.8AI score0.00764EPSS
Exploits2References1
OSV
OSV
added 2022/06/08 10:15 a.m.2 views

CVE-2022-1685

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...

4.9CVSS5.8AI score0.00951EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.6 views

CVE-2022-1686

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...

4CVSS5.9AI score0.00764EPSS
Exploits2References3
OSV
OSV
added 2022/06/08 10:15 a.m.3 views

CVE-2022-1686

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...

2.7CVSS5.8AI score0.00764EPSS
Exploits2References2
NVD
NVD
added 2022/06/08 10:15 a.m.17 views

CVE-2022-1685

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...

4.9CVSS0.00951EPSS
Exploits2References2
NVD
NVD
added 2022/06/08 10:15 a.m.32 views

CVE-2022-1686

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...

4CVSS0.00764EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.6 views

CVE-2022-1685

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...

4.9CVSS5.9AI score0.00951EPSS
Exploits2References3
Prion
Prion
added 2022/06/08 10:15 a.m.13 views

Sql injection

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...

4CVSS5.6AI score0.00951EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2022/06/08 10:15 a.m.12 views

Sql injection

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...

4CVSS4.5AI score0.00764EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.3 views

WordPress plugin Five Minute Webshop SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress Five Minute Webshop plugin 1.3.2 and earlier versions are vulnerable to SQL injection, whic...

4.9CVSS6.1AI score0.00951EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.6 views

WordPress plugin Five Minute Webshop SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Five Minute Webshop plugin 1.3.2 and previous versions are vulnerable to SQL injection, which...

4CVSS6.1AI score0.00764EPSS
Exploits2References3
Cvelist
Cvelist
added 2022/06/06 8:51 a.m.39 views

CVE-2022-1686 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...

4.6AI score0.00764EPSS
Exploits2References2
CVE
CVE
added 2022/06/06 8:51 a.m.73 views

CVE-2022-1686

CVE-2022-1686 affects the WordPress Five Minute Webshop plugin (versions ≤ 1.3.2). The vulnerability arises from improper sanitisation/escaping of the id parameter when editing a product via the admin dashboard, allowing SQL Injection. Exploitation is evidenced by authenticated SQLi disclosures a...

4CVSS3.8AI score0.00764EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/06/06 8:51 a.m.22 views

CVE-2022-1685 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...

5.9AI score0.00951EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/05/12 12:0 a.m.14 views

WordPress Five Minute Webshop plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress Five Minute Webshop plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of May 12, 2022...

4.9CVSS1.8AI score0.00951EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder