Lucene search
+L

225 matches found

redhatcve
redhatcve
added 2025/05/17 4:15 a.m.18 views

CVE-2025-3917

The 百度站长SEO合集支持百度/神马/Bing/头条推送 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the downloadremoteimagetomedialibrary function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS8.1AI score0.0074EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/05/15 12:0 a.m.4 views

WordPress plugin baiduseo 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS8.6AI score0.0074EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/07 6:25 p.m.7 views

CVE-2025-4279

The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'externalimagereplacegetposts::replacepost' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...

8.8CVSS7.8AI score0.00618EPSS
Exploits0References1
redhat
redhat
added 2025/05/06 2:32 p.m.8 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash...

5.5CVSS7.1AI score0.00384EPSS
Exploits0References6
nvd
nvd
added 2025/05/05 7:15 p.m.10 views

CVE-2025-4279

The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'externalimagereplacegetposts::replacepost' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...

8.8CVSS0.00618EPSS
Exploits0References2
nvd
nvd
added 2025/04/19 8:15 a.m.31 views

CVE-2021-4455

The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whic...

9.8CVSS0.00688EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/04/10 3:29 a.m.21 views

CVE-2025-2525

The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'stAuthenticationController::editprofile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above...

8.8CVSS7.8AI score0.00874EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/04/06 7:32 a.m.18 views

CVE-2025-2780

The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS7.8AI score0.00759EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/04/06 4:27 a.m.23 views

CVE-2024-13744

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validateproductinputfieldsonaddtocart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS8.1AI score0.00645EPSS
Exploits0References1
nvd
nvd
added 2025/04/04 7:15 a.m.17 views

CVE-2025-2780

The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00759EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/04/04 7:0 a.m.8 views

CVE-2025-2780 Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload

The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS8AI score0.00759EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/04/04 12:0 a.m.5 views

WordPress plugin Booster for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

9.8CVSS8.6AI score0.00645EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/04/03 9:41 a.m.13 views

CVE-2025-2891

The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and abov...

8.8CVSS8AI score0.0066EPSS
Exploits0References1
redhat
redhat
added 2025/03/27 4:47 p.m.4 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash...

5.5CVSS7.1AI score0.00384EPSS
Exploits0References6
redhat
redhat
added 2025/03/27 4:42 p.m.6 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash...

5.5CVSS7.1AI score0.00384EPSS
Exploits0References6
osv
osv
added 2025/03/19 12:15 p.m.4 views

CVE-2025-2512

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS6.5AI score0.00888EPSS
Exploits0References3
citrix
citrix
added 2025/03/04 12:0 a.m.23 views

uberAgent service stops after a few seconds

Windows' Services console shows that uberAgent service is not running. When manually started, the service starts and stops after a few seconds. uberAgent log file located in C:\Windows\Temp default location shows the issue with network driver startup. Example: 2025-03-01 17:28:33.013 +0200,INFO...

7AI score
Exploits0
cnnvd
cnnvd
added 2025/02/22 12:0 a.m.7 views

WordPress plugin WPvivid Backup & Migration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

7.2CVSS8.6AI score0.02076EPSS
Exploits2References5
osv
osv
added 2025/02/12 12:15 p.m.4 views

CVE-2024-10960

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS7.9AI score0.00893EPSS
Exploits0References2
nvd
nvd
added 2025/02/12 12:15 p.m.19 views

CVE-2024-10960

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

9.9CVSS0.00893EPSS
Exploits0References2
Rows per page
Query Builder