Lucene search
K

1008 matches found

Vulnrichment
Vulnrichment
added 2025/06/27 11:52 a.m.3 views

CVE-2025-49416 WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Fastw3b LLC FW Gallery allows PHP Local File Inclusion. This issue affects FW Gallery: from n/a through 8.0.0...

8.1CVSS7.4AI score0.00489EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 11:52 a.m.15 views

CVE-2025-49416

CVE-2025-49416 affects the WordPress FW Gallery plugin (versions n/a–8.0.0). The vulnerability is an improper filename handling in PHP include/require logic leading to Local File Inclusion (LFI). The issue is severe (CVSS v3.1 base score 8.1) with potential high impact on confidentiality, integri...

8.1CVSS5.9AI score0.00489EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/27 11:52 a.m.13 views

CVE-2025-49416 WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File Inclusion.This issue affects FW Gallery: from n/a through = 8.0.0...

8.1CVSS0.00489EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/27 11:52 a.m.5 views

CVE-2025-49448 WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0...

8.6CVSS7AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/19 3:20 p.m.4 views

CVE-2025-49447

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0...

10CVSS5.2AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/19 3:20 p.m.6 views

CVE-2025-49415

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through = 8.0.0...

8.6CVSS5.9AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2025/06/17 3:15 p.m.12 views

CVE-2025-49447

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0...

10CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2025/06/17 3:15 p.m.6 views

CVE-2025-49415

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through = 8.0.0...

8.6CVSS0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 3:1 p.m.13 views

CVE-2025-49415 WordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through = 8.0.0...

8.6CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 3:1 p.m.16 views

CVE-2025-49415

CVE-2025-49415 is a complex Android media decoder issue in the Dolby Unified Decoder (UDC) used in devices like Google Pixel 9. The bug arises from EMDF parsing in the skip buffer, enabling a buffer overrun on the evo heap and a leak via the emdf_container_length mechanism. The evo heap is a sing...

8.6CVSS5.9AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 3:1 p.m.24 views

CVE-2025-49447

CVE-2025-49447 affects FW Food Menu (WordPress plugin) versions up to and including 6.0.0. The issue is described as an Unrestricted Upload of File with Dangerous Type, enabling the use of malicious files via an unauthenticated arbitrary file upload path. The CVSS 3.1 vector indicates network att...

10CVSS5.2AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 3:1 p.m.12 views

CVE-2025-49447 WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0...

10CVSS0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.6 views

CVE-2025-49268

Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through = 4.9.4...

5.3CVSS5.9AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:53 p.m.15 views

CVE-2025-49268 WordPress Verge3D plugin <= 4.9.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through = 4.9.4...

5.3CVSS0.0029EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:53 p.m.40 views

CVE-2025-49268

CVE-2025-49268 is a missing-authorization (broken access control) vulnerability in Verge3D by Soft8Soft. Affected software: Verge3D Publishing and E‑Commerce, versions up to and including 4.9.4 (historical range listed as from n/a through 4.9.4). Public references indicate unauthorized access con...

5.3CVSS5.9AI score0.0029EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/02 8:23 p.m.11 views

WordPress WP Plugin Info Card plugin <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via containerid Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Plugin Info Card versions = 5.3.1...

6.4CVSS5.5AI score0.00238EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.8 views

CVE-2025-48241

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through = 4.9.3...

7.1CVSS5.9AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2025/05/23 12:43 p.m.54 views

CVE-2025-48241

CVE-2025-48241 corresponds to a Reflected XSS in Verge3D for WordPress (Verge3D

7.1CVSS5.9AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/23 12:43 p.m.9 views

CVE-2025-48241 WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through = 4.9.3...

7.1CVSS5.2AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.7 views

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through = 1.1.9...

6.5CVSS7.2AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder