Lucene search
K

14 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

0.00295EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-12083

The CVE-2026-12083 issue affects the Admin and Site Enhancements (ASE) WordPress plugin and the admin-site-enhancements-pro plugin prior to version 8.8.4. The vulnerability arises from missing authentication, authorization, and nonce checks on a role-restoration request handler, enabling unauthen...

8.1CVSS6AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 6:16 p.m.6 views

UBUNTU-CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.7AI score0.00179EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-1175

Malware in sbrugna...

4.3CVSS6.2AI score0.01177EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24946

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/16 9:25 p.m.7 views

CVE-2025-8983

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expensefor leads to sql injection. The attack may be initiated remotely. The exploit...

9.8CVSS7.7AI score0.00387EPSS
Exploits1References1
CVE
CVE
added 2025/08/14 9:2 p.m.31 views

CVE-2025-8983

The CVE-2025-8983 entry concerns itsourcecode Online Tour and Travel Management System 1.0. A SQL injection vulnerability exists in /admin/operations/expense.php via the expense_for parameter. Exploitation is possible remotely, and public exploits have been disclosed. Connected sources corroborat...

9.8CVSS7.6AI score0.00387EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.6 views

Meteor 安全漏洞

Meteor is a JavaScript application platform open-sourced by Meteor. A security vulnerability exists in Meteor 3.2.1 and earlier versions, which stems from an insufficient regular expression complexity due to an incorrect operation of the function Object.assign on the parameter forwardedFor in the...

6.3CVSS4.5AI score0.00591EPSS
Exploits1References7
CNVD
CNVD
added 2022/11/21 12:0 a.m.18 views

WBCE CMS Access Control Error Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS suffers from an Access Control Error vulnerability that stems from the increaseattempts function in the wbce/framework/class.login.php file in its Header Handler component not appropriately restricting too...

7.5CVSS7.7AI score0.00788EPSS
Exploits1References1
CNVD
CNVD
added 2018/02/06 12:0 a.m.4 views

Project-Pier ProjectPier-Core Cross-Site Scripting Vulnerability

Project-Pier ProjectPier-Core is a free open source project management system. Multiple cross-site scripting vulnerabilities exist in Project-Pier ProjectPier-Core. A remote attacker can inject arbitrary web script or HTML by sending the 'searchfor' parameter to the searchbytag.php file,...

6.1CVSS6.1AI score0.01084EPSS
Exploits1References1
OSV
OSV
added 2018/01/18 2:29 p.m.5 views

CVE-2017-15869

Cross-site scripting XSS vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...

6.1CVSS5.9AI score0.01341EPSS
Exploits2References3
Cvelist
Cvelist
added 2018/01/18 2:0 p.m.24 views

CVE-2017-15869

Cross-site scripting XSS vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...

6.1AI score0.01341EPSS
Exploits2References3
NVD
NVD
added 2005/05/02 4:0 a.m.25 views

CVE-2005-1172

Cross-site scripting XSS vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter...

4.3CVSS5.6AI score0.01177EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/04/18 4:0 a.m.24 views

CVE-2005-1172

Cross-site scripting XSS vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter...

5.6AI score0.01177EPSS
Exploits0References4
Rows per page
Query Builder