
27 matches found

EUVD
added 6 days ago · 5 views

EUVD-2026-39688

Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...

7.5 CVSS · 5.8 AI score · 0.00238 EPSS
Exploits 0 · References 1
EUVD
added 2026/06/11 7:5 a.m. · 8 views

EUVD-2024-55618

Cross-Site Request Forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2...

4.3 CVSS · 5.5 AI score · 0.001 EPSS
Exploits 0 · References 1
NVD
added 2026/06/03 2:16 p.m. · 13 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1 CVSS · 0.00297 EPSS
Exploits 0 · References 1
OSV
added 2026/05/29 10:33 a.m. · 6 views

BIT-RABBITMQ-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

5.6 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/05/15 12:0 a.m. · 12 views

PT-2026-41364

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

6.5 CVSS · 5.9 AI score · 0.00303 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/03/18 3:28 p.m. · 3 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits 0 · References 5
EUVD
added 2026/02/24 1:2 p.m. · 6 views

EUVD-2026-8479

Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

5.3 CVSS · 5.8 AI score · 0.00607 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/02/20 12:0 a.m. · 4 views

CVE-2026-26747

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where "app.force_url" is not set and defaults to "false". The application generates absolute URLs suc...

5.7 AI score · 0.00391 EPSS
Exploits 1 · References 3
Vulnrichment
added 2026/02/03 2:8 p.m. · 3 views

CVE-2026-24992 WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1....

5.3 CVSS · 5.3 AI score · 0.00197 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/02/03 2:8 p.m. · 2 views

CVE-2026-24992

Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1....

5.3 AI score · 0.00197 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/01/09 12:12 p.m. · 6 views

CVE-2018-18447

dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2)...

9.8 CVSS · 6.9 AI score · 0.00957 EPSS
Exploits 0 · References 1
Cvelist
added 2025/11/04 9:18 p.m. · 8 views

CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates

Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...

7.2 CVSS · 0.00887 EPSS
Exploits 2 · References 5
Vulnrichment
added 2025/10/22 2:32 p.m. · 3 views

CVE-2025-53425 WordPress Dokan plugin <= 4.1.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation. This issue affects Dokan: from n/a through <= 4.1.3...

7.2 CVSS · 5.2 AI score · 0.00394 EPSS
Exploits 0 · References 1
CNNVD
added 2025/04/22 12:0 a.m. · 4 views

TOTOLINK A810R security vulnerability

TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from cstecgi.cgi failing to correctly validate the length and size of the input data, and can be exploited by ...

9.8 CVSS · 8.1 AI score · 0.00454 EPSS
Exploits 1 · References 1
AlpineLinux
added 2025/04/21 12:15 a.m. · 1 views

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...

9.8 CVSS · 7.3 AI score · 0.00347 EPSS
Exploits 0 · References 4
Patchstack
added 2024/07/09 7:13 a.m. · 5 views

WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Generate PDF using Contact Form 7 versions <= 4.1.2...

9.8 CVSS · 7 AI score · 0.006 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/05/03 11:8 a.m. · 4 views

WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin Popup box versions <= 4.1.2...

7.1 CVSS · 6.4 AI score · 0.00184 EPSS
Exploits 0 · Affected Software 1
OSV
added 2023/06/13 12:44 p.m. · 1 views

GHSA-X3CC-X39P-42QX fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name

Impact: As a part of this vulnerability, user was able to set code using __proto__ as a tag or attribute name. const { XMLParser, XMLBuilder, XMLValidator } = require("fast-xml-parser"); let XMLdata = "hacked" const parser = new XMLParser(); let jObj = parser.parse(XMLdata); console.log(jObj.polluted) // should...

6.5 CVSS · 7 AI score · 0.01152 EPSS
Exploits 1 · References 6
Positive Technologies
added 2023/02/14 12:0 a.m. · 6 views

PT-2023-18787 · Splunk · Splunk Cloudconnect Sdk +1

Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.2; Splunk CloudConnect SDK versions prior to 3.1.3. Description: The issue occurs when requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after...

5.3 CVSS · 7.2 AI score · 0.00315 EPSS
Exploits 0 · References 4
CNNVD
added 2022/09/06 12:0 a.m. · 4 views

TOTOLINK A860R security vulnerability

The TOTOLINK A860R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A860R version V4.1.2cu.5182B20201027, which originates from an unfiltered parameter in infostat.cgi, resulting in a buffer overflow...

9.8 CVSS · 8.9 AI score · 0.00775 EPSS
Exploits 0 · References 2