CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-14735

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.00303EPSS

Exploits0References1

RedhatCVE•added 2025/04/05 2:32 p.m.•9 views

CVE-2025-31827

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto fonto allows Path Traversal.This issue affects Fonto: from n/a through = 1.2.2...

4.9CVSS7.2AI score0.00303EPSS

Exploits0References1

NVD•added 2025/04/03 2:15 p.m.•3 views

CVE-2025-31827

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto fonto allows Path Traversal.This issue affects Fonto: from n/a through = 1.2.2...

4.9CVSS0.00303EPSS

Exploits0References1

Vulnrichment•added 2025/04/03 1:27 p.m.•4 views

CVE-2025-31827 WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2...

4.9CVSS7AI score0.00303EPSS

Exploits0References1

CVE•added 2025/04/03 1:27 p.m.•48 views

CVE-2025-31827

Fonto (Fonto – Custom Web Fonts Manager) on WordPress is affected by CVE-2025-31827. Affected versions: Fonto <= 1.2.2. The vulnerability is described as an Authenticated (Author+) Arbitrary File Download arising from a path traversal weakness, enabling an authenticated attacker to download ar...

4.9CVSS7.2AI score0.00303EPSS

Exploits0References1

Cvelist•added 2025/04/03 1:27 p.m.•11 views

CVE-2025-31827 WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto fonto allows Path Traversal.This issue affects Fonto: from n/a through = 1.2.2...

4.9CVSS0.00303EPSS

Exploits0References1

Positive Technologies•added 2025/04/03 12:0 a.m.•2 views

PT-2025-14740 · Vlad.Olaru · Fonto

Name of the Vulnerable Software and Affected Versions: Fonto versions 1.2.2 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability allows for Path Traversal in the vlad.olaru...

4.9CVSS5.9AI score0.00303EPSS

Exploits0References4

CNNVD•added 2025/04/03 12:0 a.m.•1 views

WordPress plugin vlad.olaru Fonto 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

4.9CVSS6.2AI score0.00303EPSS

Exploits0References1

NVD•added 2024/10/17 10:15 a.m.•11 views

CVE-2024-8920

The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS0.00255EPSS

Exploits0References5

Cvelist•added 2024/10/17 9:32 a.m.•16 views

CVE-2024-8920 Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4CVSS0.00255EPSS

Exploits0References5

Vulnrichment•added 2024/10/17 9:32 a.m.•10 views

CVE-2024-8920 Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4CVSS5.8AI score0.00255EPSS

Exploits0References5

CVE•added 2024/10/17 9:32 a.m.•44 views

CVE-2024-8920

CVE-2024-8920 : Fonto – Custom Web Fonts Manager for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions

6.4CVSS5.9AI score0.00255EPSS

Exploits0References5

CNNVD•added 2024/10/17 12:0 a.m.•2 views

WordPress plugin Fonto 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.9AI score0.00255EPSS

Exploits0References6

Positive Technologies•added 2024/10/17 12:0 a.m.•3 views

PT-2024-39321 · WordPress · Fonto

Name of the Vulnerable Software and Affected Versions: Fonto – Custom Web Fonts Manager plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This...

6.4CVSS6.3AI score0.00255EPSS

Exploits0References9

Patchstack•added 2024/10/16 9:10 p.m.•5 views

WordPress Fonto – Custom Web Fonts Manager plugin <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Fonto versions = 1.2.1...

6.4CVSS5.8AI score0.00255EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/16 12:0 a.m.•6 views

WordPress Fonto Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Fonto Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8920 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 47d52cbd2788 Credits Francesco Carlucci Required...

6.4CVSS6AI score0.00255EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by