Lucene search
K

197 matches found

RedhatCVE
RedhatCVE
added 2025/09/11 5:29 p.m.6 views

CVE-2025-58991

Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...

7.1CVSS5.2AI score0.00105EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 5:16 p.m.7 views

CVE-2025-58991

Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...

7.1CVSS0.00105EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 4:33 p.m.15 views

CVE-2025-58991

The CVE-2025-58991 entry documents a CSRF vulnerability in the WooCommerce Booking Bundle Hours WordPress plugin that can lead to Stored XSS. Affected software: WooCommerce Booking Bundle Hours (versions up to 0.7.4). Root cause: cross-site request forgery enabling stored XSS payloads. Impact is ...

7.1CVSS5.2AI score0.00105EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 4:33 p.m.3 views

CVE-2025-58991 WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...

7.1CVSS6.1AI score0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/09 4:33 p.m.15 views

CVE-2025-58991 WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...

7.1CVSS0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.5 views

WordPress plugin WooCommerce Booking Bundle Hours 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...

7.1CVSS6.5AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.8 views

PT-2025-36811

Name of the Vulnerable Software and Affected Versions: WooCommerce Booking Bundle Hours versions through 0.7.4 Description: A Cross-Site Request Forgery CSRF vulnerability exists in Cristiano Zanca WooCommerce Booking Bundle Hours, which can lead to Stored Cross-Site Scripting XSS. Recommendation...

7.1CVSS5.5AI score0.00105EPSS
Exploits0References3
NVD
NVD
added 2025/08/29 10:15 a.m.7 views

CVE-2025-4643

Payload uses JSON Web Tokens JWT for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date which is by default set to 2 hours, but can be changed. This issue has been fixed in version 3.44.0 of...

6.3CVSS0.00484EPSS
Exploits0References3
CVE
CVE
added 2025/08/29 10:1 a.m.22 views

CVE-2025-4643

The CVE-2025-4643 issue affects Payload (Node/JS-based CMS). It stems from insufficient session expiration: after logout, JSON Web Tokens (JWTs) are not invalidated, enabling an attacker with a stolen/intercepted token to reuse it until expiration (default 2 hours, configurable). Affected behavio...

6.3CVSS6.4AI score0.00484EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-41335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be...

3.7CVSS7.2AI score0.00362EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/23 6:36 p.m.5 views

CVE-2025-57768

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS5.3AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2025/08/21 6:15 p.m.16 views

CVE-2025-57768

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 5:20 p.m.3 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS5.6AI score0.00377EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 5:20 p.m.10 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS0.00377EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 5:20 p.m.5 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS5.4AI score0.00377EPSS
Exploits0References3
CVE
CVE
added 2025/08/21 5:20 p.m.16 views

CVE-2025-57768

Phproject (versions 1.8.0–1.8.2; fixed in 1.8.3) contains a Stored XSS in the Planned Hours field during project creation. A POST to /issues/new/ echoes the planned_hours value in the HTML without encoding/sanitization, allowing a attacker-supplied payload (e.g., ) to execute in the browser. The ...

6.9CVSS5.3AI score0.00377EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.5 views

PT-2025-34267 · Phproject · Phproject

Name of the Vulnerable Software and Affected Versions: Phproject versions 1.8.0 through 1.8.2 Description: Phproject is a high performance full-featured project management system. A Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. A...

6.9CVSS5.8AI score0.00377EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

Phproject 跨站脚本漏洞

Phproject is a project management system for Alan's personal developers. The system supports issue management, task management and dashboard features. A cross-site scripting vulnerability exists in versions of Phproject prior to 1.8.0 through 1.8.3, which stems from the presence of stored...

6.9CVSS6AI score0.00377EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/06/20 10:0 a.m.9 views

6 Steps to 24/7 In-House SOC Success

Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That's when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.13 views

CVE-2024-6175

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...

5.4CVSS5.9AI score0.00298EPSS
Exploits0References1
Rows per page
Query Builder