Lucene search
+L

278 matches found

Vulnrichment
Vulnrichment
added 2026/03/04 1:21 a.m.3 views

CVE-2026-1273 PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

7.2CVSS6AI score0.00313EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

WordPress plugin PostX 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS6AI score0.00313EPSS
Exploits0References6
CVE
CVE
added 2026/03/02 12:49 p.m.9 views

CVE-2025-14532

CVE-2025-14532 describes an unauthenticated file-upload flaw in DobryCMS that allows uploading files of any type/extension, enabling remote code execution. The NVD entry indicates a high-severity, network-accessible issue (CVSS v4.0-like metrics: base score 9.3; impacts to confidentiality, integr...

9.8CVSS6AI score0.00536EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22581

Name of the Vulnerable Software and Affected Versions DobryCMS versions prior to 5.0 Description The software’s file upload functionality allows unauthenticated remote attackers to upload files of any type and extension without restriction. This can lead to Remote Code Execution. Recommendations...

9.8CVSS5.9AI score0.00536EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/25 5:55 a.m.6 views

CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM.

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...

9.2CVSS6AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 7:24 a.m.9 views

CVE-2026-27192

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...

8.1CVSS5.6AI score0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/02/21 3:23 a.m.11 views

CVE-2026-27191 Feathers: Open Redirect in OAuth callback enables account takeover

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...

7.4CVSS5.7AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.9 views

Feathers 信息泄露漏洞

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. Feathers versions 5.0.39 and earlier contained an information leakage vulnerability. This vulnerability stemmed from the fact that all HTT...

8.2CVSS5.8AI score0.00354EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.6 views

CVE-2026-25388

Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through = 5.0...

5.4CVSS5.5AI score0.00209EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/20 8:12 a.m.9 views

WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...

5.4CVSS5.4AI score0.00209EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/19 9:16 a.m.18 views

CVE-2026-25388

Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through = 5.0...

5.4CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 10:15 a.m.8 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/13 7:51 a.m.10 views

FileZen vulnerable to OS command injection

Overview FileZen provided by Soliton Systems K.K. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-25108 This vulnerability can be exploited when FileZen Antivirus Check Option is enabled The developer states that attacks exploiting the vulnerability has been observed...

8.8CVSS5.7AI score0.04974EPSS
Exploits0References6
OSV
OSV
added 2026/02/11 1:15 p.m.3 views

CVE-2025-58467

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync...

6.5CVSS5.8AI score0.00416EPSS
Exploits0References1
CVE
CVE
added 2026/02/11 12:20 p.m.16 views

CVE-2025-30266

The CVE-2025-30266 entry describes a NULL pointer dereference in Qsync Central that could allow a remote attacker with a user account to cause a denial-of-service. Concrete details across connected sources identify Qsync Central as the affected product, with the root cause listed as a NULL pointe...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/11 12:19 p.m.26 views

CVE-2025-52868

CVE-2025-52868 is a buffer overflow in Qsync Central. The issue allows a remote attacker who has a user account to modify memory or crash processes. A fix is available in Qsync Central 5.0.0.4 (2026-01-20) and later; users should upgrade to receive mitigation. The connected sources corroborate th...

8.1CVSS5.9AI score0.00299EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.11 views

PT-2026-7535

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

5.3CVSS5.5AI score0.00391EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

Craft CMS SQL注入漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.0.0-RC1 to 4.16.17, and 5.0.0-RC1 to 5.8.21 of Craft CMS have SQL injection vulnerabilities. These vulnerabilities stem from improper cleaning of the criteriaorderBy parameter input, which may lead to SQL...

8.8CVSS5.9AI score0.00502EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/05 8:23 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature...

7.5CVSS5.4AI score0.002EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/02/05 12:15 p.m.6 views

CVE-2026-1517

A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...

5.8CVSS0.00273EPSS
Exploits0References5
Rows per page
Query Builder