Lucene search
K

360 matches found

Vulnrichment
Vulnrichment
added 2025/11/18 12:29 p.m.2 views

CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS5.4AI score0.00368EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

WordPress plugin WP Migrate Lite – WordPress Migration Made Easy 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

5.8CVSS6.7AI score0.00404EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-46938

Name of the Vulnerable Software and Affected Versions IQ-Support affected versions not specified Description IQ-Support, developed by IQ Service International, has an issue that allows unauthenticated remote attackers to access specific APIs and obtain sensitive information from the internal...

6.9CVSS6.5AI score0.00271EPSS
Exploits0References7
CVE
CVE
added 2025/10/29 9:54 p.m.22 views

CVE-2025-61959

The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...

6.9CVSS6.6AI score0.00249EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/29 7:32 a.m.6 views

CVE-2025-10145

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the uploadtolibrary function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests ...

7.7CVSS5.7AI score0.00042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/28 5:27 a.m.2 views

CVE-2025-10145

...

6.2AI score0.00042EPSS
Exploits0
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.5 views

编号撤回

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A server-side request forgery vulnerability exists in the WordPress plugin Auto Featured Image,...

5.7AI score0.00042EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.6 views

PT-2025-44086

Name of the Vulnerable Software and Affected Versions Auto Featured Image Auto Post Thumbnail plugin for WordPress versions prior to 4.1.8 Description The Auto Featured Image Auto Post Thumbnail plugin for WordPress is susceptible to Server-Side Request Forgery SSRF in versions up to and includin...

7.7CVSS5.9AI score0.00042EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/27 12:0 a.m.4 views

EUVD-2025-36214

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

6.6AI score0.0212EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.3 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

6.7AI score0.0212EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.9 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

0.0212EPSS
Exploits1References3
CNVD
CNVD
added 2025/10/21 12:0 a.m.4 views

WordPress Task Scheduler plugin server-side request forgery vulnerability

WordPress Task Scheduler plugin is mainly used to manage and optimize the timed tasks in WordPress such as update checking, cache cleaning, etc., common plugins include WP-Crontrol and WPCron. WordPress Task Scheduler plugin has a server-side request forgery vulnerability, the vulnerability stems...

4.4CVSS7AI score0.00217EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/10/16 12:0 a.m.12 views

VulnCheck KEV: CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

7.5CVSS5.8AI score0.0212EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2025/10/12 10:5 a.m.15 views

CVE-2025-9975

The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wpscraperextractcontent function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary...

6.8CVSS5.8AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-19714

Malware in sbrugna...

8.8CVSS8.6AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12321

Malware in sbrugna...

9.3CVSS7.8AI score0.00299EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-1055

Malware in sbrugna...

5.3CVSS5.5AI score0.01237EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2019-18889

Malware in sbrugna...

7.8CVSS7.7AI score0.27004EPSS
Exploits0References56
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-25463

Malware in sbrugna...

9.8CVSS7.8AI score0.01567EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5613

Malware in sbrugna...

4CVSS3.8AI score0.00747EPSS
Exploits0References2
Rows per page
Query Builder