
8 matches found

RedhatCVE
added 2025/12/15 4:38 p.m., 2 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

CVSS 4.6, AI score 6.1, EPSS 0.00024
Exploits: 1, References: 1
CVE
added 2025/12/12 12:0 a.m., 9 views

CVE-2025-67342

CVE-2025-67342 affects Ruoyi (RuoYi) 4.8.1 and earlier, with a stored XSS in the /system/menu/edit endpoint where the XSS filter can be bypassed. Because the menu is shared across all users, any user with menu modification permissions can impact all users. Affected component: /system/menu/edit; r...

CVSS 4.6, AI score 5.7, EPSS 0.00024
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2025/12/12 12:0 a.m., 24 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

EPSS 0.00024
Exploits: 1, References: 1
OSV
added 2024/01/15 4:15 p.m., 1 views

CVE-2023-6066

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1
Prion
added 2024/01/15 4:15 p.m., 11 views

Cross site scripting

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...

CVSS 4, AI score 7, EPSS 0.00062
Exploits: 2, References: 1, Affected Software: 1
CNNVD
added 2024/01/15 12:0 a.m., 2 views

WordPress Plugin WP Custom Widget area security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3, AI score 6.6, EPSS 0.00062
Exploits: 2, References: 2
Huntr
added 2021/08/04 9:52 a.m., 11 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

✍️ Description: An attacker is able to modify any menu with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs on a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score 1.1
Exploits: 0
NVD
added 2008/06/26 5:41 p.m., 14 views

CVE-2008-2879

Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu...

CVSS 6.4, AI score 6.9, EPSS 0.00648
Exploits: 1, References: 4