25 matches found

vulnersOsv
added 2026/05/20 3:35 p.m. · 6 views

org.glassfish.main.admingui:admingui (>=7.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=7.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=4.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =4.0.0, =7.0.0, =7.0.0, =7.0.16, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: SNYK:JAVA-ORGGLASSFISHJSFTEMPLATING-167906...

9.6 CVSS · 5.4 AI score · 0.00628 EPSS
Exploits 2
Patchstack
added 2026/03/16 8:26 p.m. · 7 views

WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions <= 4.1.0...

4.3 CVSS · 5.8 AI score · 0.00233 EPSS
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2026/02/22 1:25 p.m. · 6 views

CVE-2026-1787

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...

4.8 CVSS · 5.5 AI score · 0.0023 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/02/17 1:38 a.m. · 5 views

CVE-2026-2525

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

7.5 CVSS · 5.2 AI score · 0.00493 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/01/22 4:51 p.m. · 1 views

CVE-2025-67955

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion. This issue affects MyHome Core: from n/a through = 4.1.0...

7.5 CVSS · 5.4 AI score · 0.00463 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-30585

Malicious code in bioql PyPI...

4.3 CVSS · 6.5 AI score · 0.00234 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 9:31 a.m. · 5 views

CVE-2024-26481

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter...

4.7 CVSS · 7.2 AI score · 0.00405 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 9:31 a.m. · 5 views

CVE-2024-26482

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...

7.1 CVSS · 6.9 AI score · 0.0032 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:59 a.m. · 7 views

CVE-2023-51490

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...

7.5 CVSS · 7.8 AI score · 0.0048 EPSS
Exploits 0 · References 1
Cvelist
added 2025/05/07 2:20 p.m. · 19 views

CVE-2025-47509 WordPress Top 10 plugin <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Top 10 top-10 allows Stored XSS. This issue affects Top 10: from n/a through <= 4.1.0...

6.5 CVSS · 0.00209 EPSS
Exploits 0 · References 1
CNNVD
added 2025/05/07 12:0 a.m. · 3 views

WordPress plugin WP jQuery DataTable Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site...

5.9 CVSS · 6.2 AI score · 0.00225 EPSS
Exploits 0 · References 1
CVE
added 2025/02/28 1:42 p.m. · 75 views

CVE-2025-1747

CVE-2025-1747 describes HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. The issue allows an attacker to modify the HTML of a victim’s browser by sending a malicious URL and altering the parameter name in /account/login. Affected software: OpenCart (opencart/opencart package in...

4.7 CVSS · 5.1 AI score · 0.00237 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/12/12 12:0 a.m. · 5 views

Apache Superset Security Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security vulnerability exists in Apache Superset versions prior to 4.1.0 that stems from improper authorization, which allows an attacker with SQLLab access to construct specially crafted SQL D...

7.1 CVSS · 6.9 AI score · 0.02562 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/30 12:0 a.m. · 3 views

PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5

Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0 Description: The issue is related to the TPM2 GENERATED VALUE function in the TCG TPM2 TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...

6.4 CVSS · 7.9 AI score · 0.00519 EPSS
Exploits 1 · References 41
CNNVD
added 2024/02/22 12:0 a.m. · 3 views

Kirby security breach

Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby CMS version v4.1.0, which stems from a Reflected Cross-Site Scripting XSS vulnerability via URL parameters...

4.7 CVSS · 5.8 AI score · 0.00405 EPSS
Exploits 1 · References 2
CNNVD
added 2023/10/02 12:0 a.m. · 3 views

Pure Storage FlashBlade Security Vulnerability

Pure Storage FlashBlade is a consolidated storage platform for file and object workloads from U.S.-based Pure Storage. A security vulnerability exists in FlashBlade Purity OE version 4.1.0, which stems from a flaw in the system where a user who is authorized to extend the object retention period...

6.5 CVSS · 6.7 AI score · 0.00456 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/11/17 12:0 a.m. · 5 views

PT-2022-26771 · Unknown · Kkfileview

Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. This is achieved through a Server-Side Request Forgery SSRF in the...

7.5 CVSS · 7.5 AI score · 0.01949 EPSS
Exploits 1 · References 4
Positive Technologies
added 2021/12/23 12:0 a.m. · 10 views

PT-2021-24242 · Unknown · Cve-Search

Name of the Vulnerable Software and Affected Versions: cve-search versions prior to 4.1.0 Description: The issue in cve-search allows regular expression injection, which can lead to ReDoS regular expression denial of service or other impacts. This occurs in the lib/DatabaseLayer.py file...

7.5 CVSS · 7.4 AI score · 0.01874 EPSS
Exploits 1 · References 5
CNVD
added 2019/10/24 12:0 a.m. · 4 views

Apache POI Information Disclosure Vulnerability

Apache POI is an open source JAVA library for reading and writing Microsoft document formats. An information disclosure vulnerability exists in Apache POI 4.1.0 and earlier versions. When converting a user-supplied Microsoft Excel document using the XSSFExportToXml tool, an attacker can exploit...

5.5 CVSS · 5.8 AI score · 0.0099 EPSS
Exploits 0 · References 1
OSV
added 2019/07/10 12:0 p.m. · 2 views

UBUNTU-CVE-2019-10191

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol...

7.5 CVSS · 6.6 AI score · 0.01932 EPSS
Exploits 0 · References 3