19 matches found

EUVD
added last week, 4 views

EUVD-2026-39744

Administrator SQL Injection in WP All Import = 4.0.1 versions...

CVSS 7.6, AI score 5.8, EPSS 0.00279
Exploits 0, References 1

EUVD
added 2026/06/17 6:35 p.m., 10 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

CVSS 7.5, AI score 5.2, EPSS 0.00467
Exploits 0, References 2

Cvelist
added 2026/05/22 3:39 a.m., 47 views

CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 6.4, EPSS 0.00249
Exploits 0, References 7

NVD
added 2026/05/12 8:16 p.m., 10 views

CVE-2026-44217

sse-channel is an SSE implementation that can be used with any Node.js HTTP request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

CVSS 8.7, EPSS 0.0041
Exploits 0, References 2

OSV
added 2026/03/18 8:5 p.m., 4 views

GHSA-7C47-XR7Q-P6HG free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...

CVSS 8.7, AI score 5.9, EPSS 0.00674
Exploits 1, References 6

CVE
added 2026/01/17 8:32 p.m., 12 views

CVE-2026-1064

Summary of CVE-2026-1064 (bastillion-io Bastillion) Affects Bastillion up to version 4.0.1 in the System Management Module, specifically the SystemKtrl.java component. The vulnerability arises from a manipulation of the file path src/main/java/io/bastillion/manage/control/SystemKtrl.java, leading...

CVSS 5.8, AI score 6.5, EPSS 0.04156
Exploits 0, References 4

CNNVD
added 2025/12/31 12:0 a.m., 3 views

Selea CarPlateServer Access Control Error Vulnerability

Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...

CVSS 9.3, AI score 7, EPSS 0.0043
Exploits 1, References 4

OSV
added 2025/11/24 4:15 p.m., 3 views

CVE-2025-60633

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the NudmSubscriberDataManagement API...

CVSS 6.5, AI score 6.7
Exploits 0, References 5

Vulnrichment
added 2025/11/05 12:0 a.m., 2 views

CVE-2025-55341

Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexosnuevo.php asocImgRad...

AI score 6, EPSS 0.00186
Exploits 0, References 2

RedhatCVE
added 2025/05/23 4:11 a.m., 7 views

CVE-2023-39650

Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single...

CVSS 9.8, AI score 8.3, EPSS 0.03631
Exploits 1

CNNVD
added 2025/05/14 12:0 a.m., 4 views

Jenkins plugin Cadence vManager Security Vulnerability

Jenkins and the Jenkins plugin are both open-source Jenkins products. Jenkins is an open-source automation server that provides hundreds of plugins to support building, deploying and automating any project. The Jenkins plugin is an application software plugin. A security...

CVSS 4.3, AI score 6.6, EPSS 0.00292
Exploits 0, References 2

Github Security Blog
added 2025/03/20 12:32 p.m., 12 views

Flask-CORS vulnerable to Improper Handling of Case Sensitivity

corydolphin/flask-cors version 5.0.1 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

CVSS 7.5, AI score 5.1, EPSS 0.00642
Exploits 1, References 6, Affected Software 1

Github Security Blog
added 2025/01/29 12:31 a.m., 12 views

Apache Hive Incorrectly Assigns Permissions for a Critical Resource

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to...

CVSS 5.5, AI score 5.2, EPSS 0.00274
Exploits 0, References 7, Affected Software 1

CNNVD
added 2024/07/30 12:0 a.m., 7 views

IBM Aspera Orchestrator Security Vulnerability

IBM Aspera Orchestrator is a Web-based application from International Business Machines IBM, Inc. It can provide data-driven organizations with an efficient document processing pipeline. An HTTP header injection vulnerability exists in IBM Aspera Orchestrator version 4.0.1, which can be exploited...

CVSS 5.4, AI score 6.9, EPSS 0.00264
Exploits 0, References 2

Positive Technologies
added 2023/04/07 12:0 a.m., 6 views

PT-2023-21919 · Apache · Apache Airflow Spark Provider

Name of the Vulnerable Software and Affected Versions: Apache Airflow Spark Provider versions prior to 4.0.1 Description: The issue is related to improper input validation in the Apache Airflow Spark Provider. This allows the host and schema of JDBC Hook to contain / and ?, which can be used to...

CVSS 7.5, AI score 7, EPSS 0.02152
Exploits 0, References 10

OSV
added 2022/09/09 3:15 p.m., 3 views

CVE-2022-36356

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin = 4.0.1 at WordPress...

CVSS 4.8, AI score 5.8, EPSS 0.00437
Exploits 0, References 2

CNVD
added 2020/04/21 12:0 a.m., 3 views

D-Link DSL-2640B B2 Trust Management Issue Vulnerability

The D-Link DSL-2640B B2 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DSL-2640B B2 EU4.01B version, which comes with hard-coded accounts in the router. The vulnerability can be exploited by an attacker to log in to the management interface,...

CVSS 10, AI score 7, EPSS 0.02187
Exploits 1, References 1

Positive Technologies
added 2019/07/04 12:0 a.m., 4 views

PT-2019-13238 · Xpdf · Xpdf

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: The issue is a heap-based buffer over-read in the JBIG2Stream::readTextRegionSeg function, which can be triggered by sending a crafted PDF document to the pdftoppm tool. This might allow an attacker to cause...

CVSS 5.5, AI score 5.8, EPSS 0.0114
Exploits 1, References 9

Packet Storm
added 2008/04/10 12:0 a.m., 34 views

phaos-disclose.txt

Remote File Disclosure Vulnerability in showSource.php phaos4.0.1 MY HOmE : WWW.PAL-HACkEr.COM WWW.ATSDP.COM AUTHOR : HaCkeREgY My HoMe : www.PaL-HaCker.com & www.ATSDP.com ConTacT : [email protected] ----------------------------------------------- script: phaos4.0.1...

AI score 7.4
Exploits 0