Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/06/17 9:57 p.m.23 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-48818

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link url' parameter of the presto player overlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untruste...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/17 12:51 a.m.6 views

SUSE CVE-2017-18894

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover...

8.1CVSS7AI score0.00821EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 4:16 p.m.15 views

CVE-2025-62053

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through 4.2.0...

8.1CVSS0.00392EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/16 3:1 p.m.5 views

WordPress Estatik plugin <= 4.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Estatik versions = 4.3.0...

6.5CVSS5.2AI score0.00187EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

WordPress plugin Device Detector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1CVSS8AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/11 12:0 a.m.9 views

PT-2024-31949 · WordPress · The Starter Templates — Elementor

Name of the Vulnerable Software and Affected Versions: The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress versions up to, and including, 4.2.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and outp...

6.4CVSS6.2AI score0.00446EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/24 12:0 a.m.7 views

Terramaster TOS Permission License and Access Control Issues Vulnerability

Terramaster TOS is a Linux-based operating system dedicated to the erraMaster Cloud Storage NAS server from Shenzhen Tumi Electronic Technology Terramaster in China. A security vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which can be exploited by a remote,...

5.3CVSS6.1AI score0.18066EPSS
Exploits1References3
CNNVD
CNNVD
added 2020/12/24 12:0 a.m.7 views

Terramaster TOS Path Traversal Vulnerability

Terramaster TOS is a Linux-based operating system dedicated to the erraMaster Cloud Storage NAS server from Shenzhen Tumi Electronic Technology Terramaster in China. A path traversal vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which allows a remote authenticated...

10CVSS7.3AI score0.1635EPSS
Exploits1References3
CNVD
CNVD
added 2020/06/05 12:0 a.m.4 views

QEMU Buffer Overflow Vulnerability (CNVD-2020-35975)

QEMU Quick Emulator is a set of simulation processor software by French software developer Fabrice Bellard. The software is fast, cross-platform and other characteristics. A buffer overflow vulnerability exists in the hw/pci/pci.c file in QEMU version 4.2.0. The vulnerability stems from a network...

5.5CVSS7.9AI score0.00398EPSS
Exploits0References1
OSV
OSV
added 2019/10/17 7:15 p.m.3 views

CVE-2019-17119

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

8.8CVSS7.6AI score0.01749EPSS
Exploits3References3
CNVD
CNVD
added 2017/10/18 12:0 a.m.0 views

Unspecified Vulnerability in Oracle Hospitality Guest Access (CNVD-2017-31510)

Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. The solution provides human resources cost management, provide customers with the entire journey of service tracking management to improve custome...

5.3CVSS5.8AI score0.01226EPSS
Exploits0References1
Rows per page
Query Builder