32 matches found
EUVD-2019-7298
Malware in sbrugna...
SUSE: Security Advisory (SUSE-SU-2024:1122-1)
The remote host is missing an update for the...
SUSE-SU-2024:1160-1 Security update for go1.22
This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.22.2 (bsc#1218424)...
SUSE-SU-2024:1122-1 Security update for go1.21
This update for go1.21 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.21.9 (bsc#1212475)...
SUSE-SU-2024:1121-1 Security update for go1.22
This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.22.2 (bsc#1218424)...
BIT-WORDPRESS-2020-11028 Unauthenticated disclosure of certain private posts in WordPress
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...
BIT-WORDPRESS-2020-11030 Cross-site scripting (XSS) in Search block in WordPress
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
BIT-WORDPRESS-MULTISITE-2020-11028 Unauthenticated disclosure of certain private posts in WordPress
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...
BIT-WORDPRESS-MULTISITE-2020-11029 Cross-site scripting in stats method (object cache) in WordPress
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...
BIT-WORDPRESS-MULTISITE-2020-4046 Authenticated XSS through embed block in WordPress
In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...
SUSE CVE-2021-46905
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 "net: hso: fix null-ptr-deref during tty device unregistration" fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointe...
sapconf to be removed from RHEL 8
The sapconf package is going to be removed from Rocky Linux 8. The sapconf package is going to be removed from Rocky Linux 8 with the next minor release. The sapconf functionality is provided by the rhel-system-roles-sap package available in the SAP Solutions repository...
CVE-2020-4049
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...
UBUNTU-CVE-2020-4048
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release...
CVE-2020-4046 Authenticated XSS through embed block in WordPress
In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...
Cross site scripting
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...
CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...
CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...