Lucene search
K

18 matches found

Patchstack
Patchstack
added 6 days ago4 views

WordPress ProfileGrid plugin <= 5.9.9.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.8...

8.8CVSS5.9AI score0.00142EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/23 12:32 p.m.36 views

CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS0.00201EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-31858

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

8.8CVSS6AI score0.00502EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/16 2:19 p.m.5 views

CVE-2026-4174

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h...

4.8CVSS5.2AI score0.00115EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 6:16 p.m.6 views

CVE-2026-31857

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

9.3CVSS0.00665EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 5:30 p.m.29 views

CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

9.3CVSS0.00665EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 12:27 a.m.5 views

GHSA-G7J6-FMWX-7VP8 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.7 views

Radare2 缓冲区错误漏洞

Radare2 is a Libre reverse framework open-sourced by Radare for Unix geeks. A buffer error vulnerability exists in Radare2 version 5.9.9, which stems from memory corruption due to incorrect manipulation of the parameter -T...

2.5CVSS4.2AI score0.00198EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.7 views

Radare2 缓冲区错误漏洞

Radare2 is a Libre reverse framework open-sourced by Radare for Unix geeks. A buffer error vulnerability exists in Radare2 version 5.9.9, which stems from memory corruption due to incorrect manipulation of the parameter -T...

2.5CVSS4.2AI score0.00185EPSS
Exploits1References8
Patchstack
Patchstack
added 2025/03/25 9:35 p.m.28 views

WordPress Event post plugin <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions = 5.9.9...

5.4CVSS5.7AI score0.00219EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2025/03/03 9:15 a.m.5 views

CVE-2025-1864

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before 5.9.9...

10CVSS7.3AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2025/02/28 4:15 a.m.6 views

AZL-57639 CVE-2025-1744 affecting package gdal 3.6.3-2

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

10CVSS7.5AI score0.00468EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.2 views

PT-2025-9052

Name of the Vulnerable Software and Affected Versions radare2 versions prior to 5.9.9 Description The issue is an Out-of-bounds Write vulnerability that allows heap-based buffer over-read or buffer overflow. This can lead to a buffer overflow, which is a type of attack where more data is written ...

10CVSS7.5AI score0.00468EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2025/02/18 5:12 a.m.3 views

SUSE CVE-2025-1378

A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to...

3.3CVSS3.6AI score0.00295EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/06/25 12:0 a.m.5 views

PT-2024-23781

Name of the Vulnerable Software and Affected Versions WordPress versions 5.9 through 5.9.9 WordPress versions 6.0 through 6.0.8 WordPress versions 6.1 through 6.1.6 WordPress versions 6.2 through 6.2.5 WordPress versions 6.3 through 6.3.4 WordPress versions 6.4 through 6.4.4 WordPress versions 6....

7.2CVSS6.9AI score0.70822EPSS
Exploits4References27
OSV
OSV
added 2023/04/15 12:15 a.m.8 views

AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

9.8CVSS8AI score0.02264EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.5 views

strongSwan 信任管理问题漏洞

strongSwan is a Swiss Andreas Steffen personal developer of a Linux platform to use the open source IPsec-based VPN solution. The solution includes authentication mechanisms such as X.509 public key certificates, securely stored private keys, and smart cards. A security vulnerability exists in...

9.8CVSS8.7AI score0.02264EPSS
Exploits0References4
CNVD
CNVD
added 2017/12/20 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in Rice CMS v5.9.9

DAMI CMS is a free open-source, fast, simple PC station and cell phone station integration integration system, is committed to providing users with simple, fast PC station and smartphone station building solutions. An arbitrary file deletion vulnerability exists in Daimi CMS version v5.9.9, which...

7AI score
Exploits0
Rows per page
Query Builder