Lucene search
K

6 matches found

NVD
NVD
added 2026/04/15 8:16 p.m.6 views

CVE-2026-33877

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS0.00365EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31176

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through = 4.2.9...

7.5CVSS5.9AI score0.00381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/04 10:24 p.m.8 views

CVE-2024-53999

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS6AI score0.00508EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/03/22 4:19 a.m.8 views

SUSE CVE-2023-41038

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...

7.5CVSS6.9AI score0.00658EPSS
Exploits0References3
OSV
OSV
added 2024/03/17 5:15 p.m.4 views

CVE-2024-27959

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2023/02/24 3:15 p.m.4 views

CVE-2023-0585

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above...

4.8CVSS6AI score0.00776EPSS
Exploits1References6
Rows per page
Query Builder