Lucene search

22 matches found

CNNVD
added 2026/02/18 12:0 a.m., 9 views

WordPress plugin Context Blog Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Context Blog. The...

5.3 CVSS | 5.7 AI score | 0.00336 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-8259

Malware in sbrugna...

5.4 CVSS | 6.8 AI score | 0.02376 EPSS
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-54021

Malicious code in bioql PyPI...

8.8 CVSS | 9.1 AI score | 0.00612 EPSS
Exploits: 0 | References: 3

CVE
added 2024/09/20 7:33 a.m., 59 views

CVE-2024-8853

Vulnerability summary (CVE-2024-8853) The Webo-facto plugin for WordPress is affected in versions up to and including 1.40. The root cause is an insufficient restriction on the doSsoAuthentification function, enabling unauthenticated attackers to escalate privileges by registering with a username...

9.8 CVSS | 9.6 AI score | 0.00642 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/02/28 12:0 a.m., 14 views

CVE-2023-49930

An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted...

6.8 AI score | 0.00902 EPSS
Exploits: 0 | References: 3

Cvelist
added 2023/11/22 3:33 p.m., 46 views

CVE-2023-6009 UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

8.8 CVSS | 8.8 AI score | 0.00923 EPSS
Exploits: 2 | References: 2

CNNVD
added 2023/08/11 12:0 a.m., 5 views

WordPress Plugin WP Project Manager Permission License and Access Control Issues Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A permission permission and...

8.8 CVSS | 6.8 AI score | 0.00689 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2023/08/04 2:4 a.m., 9 views

CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...

6.6 CVSS | 7.2 AI score | 0.00612 EPSS
Exploits: 0 | References: 3

Prion
added 2023/07/27 7:15 a.m., 11 views

Design/Logic Flaw

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

4 CVSS | 4.6 AI score | 0.0041 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/06/06 9:33 a.m., 11 views

CVE-2023-2833 ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...

8.8 CVSS | 7.2 AI score | 0.1748 EPSS
Exploits: 4 | References: 5

Cvelist
added 2023/05/24 12:0 a.m., 17 views

CVE-2023-31460

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters...

7.3 AI score | 0.01714 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2022/01/28 12:0 a.m., 30 views

Mageia: Security Advisory (MGASA-2019-0241)

The remote host is missing an update for the...

5.8 CVSS | 6 AI score | 0.04472 EPSS
Exploits: 0 | References: 5

Prion
added 2020/08/05 1:15 p.m., 23 views

Remote code execution

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...

10 CVSS | 9.7 AI score | 0.86749 EPSS
Exploits: 8 | References: 6 | Affected Software: 1

RedHat Linux
added 2019/09/11 3:15 p.m., 111 views

Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS | 6.8 AI score | 0.09393 EPSS
Exploits: 3 | References: 8

Tenable Nessus
added 2019/09/03 12:0 a.m., 36 views

RHEL 8 : java-1.8.0-ibm (RHSA-2019:2590)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2590 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

9.8 CVSS | 7.6 AI score | 0.09393 EPSS
Exploits: 3 | References: 16

Tenable Nessus
added 2019/07/24 12:0 a.m., 53 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20190723)

Security Fixes:
- OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
- OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
- OpenJDK: Unbounded memory allocation during deserialization in...

5.8 CVSS | 6.5 AI score | 0.04472 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2019/07/24 12:0 a.m., 259 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)

- OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)
- OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
- libpng: png_image_free in png.c in libpng has a use-after-free because png_image_free_function...

5.8 CVSS | 7.3 AI score | 0.09393 EPSS
Exploits: 3 | References: 10

Tenable Nessus
added 2019/07/23 12:0 a.m., 52 views

RHEL 7 : java-1.8.0-openjdk (RHSA-2019:1815)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1815 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

5.8 CVSS | 6.9 AI score | 0.04472 EPSS
Exploits: 0 | References: 15

Tenable Nessus
added 2019/07/23 12:0 a.m., 42 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20190722)

Security Fixes:
- OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
- OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
- OpenJDK: Unbounded memory allocation during deserialization in...

5.8 CVSS | 6.5 AI score | 0.04472 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2019/07/23 12:0 a.m., 39 views

RHEL 6 : java-1.8.0-openjdk (RHSA-2019:1811)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1811 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

5.8 CVSS | 6.9 AI score | 0.04472 EPSS
Exploits: 0 | References: 15