Lucene search
K

46 matches found

NVD
NVD
added 2026/05/07 6:16 a.m.12 views

CVE-2026-41143

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...

8.8CVSS0.00342EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 5:8 a.m.9 views

CVE-2026-41143 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 5:8 a.m.19 views

CVE-2026-41143

YesWiki contains an authenticated SQL injection in the bazar module, via id_fiche in EntryManager::formatDataBeforeSave() (code path: tools/bazar/services/EntryManager.php:704). The vulnerable query concatenates $_POST['id_fiche'] into SQL without sanitization, e.g. selecting MIN(time) from pages...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 5:8 a.m.27 views

EUVD-2026-28312

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.3 views

Fedora 43 : wireshark (2025-0e41e63705)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0e41e63705 advisory. New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be...

7.8CVSS5.6AI score0.00101EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/12/03 8:4 a.m.4 views

CVE-2025-13945

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

5.5CVSS5.1AI score0.00132EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.2 views

PT-2025-48797

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.4.0 through 4.4.11 Wireshark versions 4.6.0 through 4.6.1 Description The MEGACO dissector in Wireshark contains an infinite loop that can lead to a denial of service. The issue is triggered by the improper handling of...

7.8CVSS5.9AI score0.00306EPSS
Exploits12References84
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.6 views

PT-2025-48234

The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.6AI score0.00175EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/19 12:0 a.m.6 views

Wireshark 4.6.x < 4.6.1 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.1 advisory. - Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service CVE-2025-13499 Note that...

7.8CVSS6AI score0.00101EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/27 7:39 a.m.21 views

EUVD-2025-36121

Stored cross-site scripting XSS vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...

7.1CVSS5.5AI score0.00179EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28026

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00221EPSS
Exploits0References3
OSV
OSV
added 2024/10/10 2:15 a.m.5 views

CVE-2024-9065

The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whpsmtpsendmailtest' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any...

5.3CVSS5.8AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/22 12:0 a.m.9 views

PT-2024-30853 · Unknown · Firsh Justified Image Grid

Name of the Vulnerable Software and Affected Versions: Firsh Justified Image Grid versions through 4.6.1 Description: A Server-Side Request Forgery SSRF issue affects Firsh Justified Image Grid, allowing for Server Side Request Forgery. Recommendations: For versions through 4.6.1, consider...

7.5CVSS6.8AI score0.12232EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/07/13 12:0 a.m.3 views

WordPress plugin Tournamatch security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.1AI score0.00312EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.6 views

PT-2024-15097 · Auth0 · Login By Auth0 Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Login by Auth0 plugin for WordPress versions up to, and including, 4.6.0 Description: The issue is related to Reflected Cross-Site Scripting via the wle parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS5.8AI score0.00359EPSS
Exploits0References11
Patchstack
Patchstack
added 2024/07/01 3:53 a.m.5 views

WordPress WordPress Plugin for Google Maps plugin <= 4.6.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Maps versions = 4.6.1...

8.8CVSS8.1AI score0.00459EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/03 4:15 p.m.5 views

CVE-2023-28512

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396...

5.9CVSS5.8AI score0.00547EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.6 views

Pixel & tonic Craft CMS Injection Vulnerability

Pixel & tonic Craft CMS is a content management system CMS from Pixel & tonic Inc. in the United States. An injection vulnerability exists in Craft CMS version 4.6.1, which stems from the system's use of an unselected volume of the asset element type to save feeds, and can be exploited by a remot...

7.5CVSS7.1AI score0.01073EPSS
Exploits0References3
OSV
OSV
added 2023/12/15 4:15 p.m.3 views

CVE-2023-49823

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1...

5.4CVSS5.8AI score0.00466EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.5 views

WordPress plugin AI ChatBot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS4.9AI score0.00511EPSS
Exploits2References2
Rows per page
Query Builder