Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33777

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.4 Description A Server-Side Request Forgery SSRF issue exists in the Glances IP plugin due to improper validation of the public api configuration parameter. The value of public api is passed directly to the urlope...

8.8CVSS5.9AI score0.00408EPSS
Exploits3References13
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33776

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.4 Description The web server exposes a REST API endpoint '/api/4/' that is accessible without authentication. Due to a permissive Cross-Origin Resource Sharing CORS policy, specifically the...

8.8CVSS5.7AI score0.00408EPSS
Exploits3References13
RedhatCVE
RedhatCVE
added 2026/01/08 3:14 a.m.5 views

CVE-2025-14552

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 10:15 a.m.3 views

CVE-2025-14552

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/06 9:20 a.m.23 views

CVE-2025-14552 MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.6 views

PT-2026-1428

Name of the Vulnerable Software and Affected Versions MediaPress plugin for WordPress versions up to and including 1.6.1 Description The MediaPress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the mpp-uploader shortcode. This is due to inadequate input sanitization a...

6.4CVSS5.3AI score0.00155EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2025/11/26 2:42 a.m.7 views

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1689 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0-rc.4 <=1.1.0)

valibot NPM version =0.31.0-rc.4, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.0.2-beta.0, =0.1.1-beta.1, =0.2.0 and more Source cves: CVE-2025-66020 Source advisory: SNYK:JS-VALIBOT-14122017...

7.5CVSS5.7AI score0.00289EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-3112

Malware in sbrugna...

9.8CVSS9.4AI score0.03746EPSS
Exploits4References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-32220

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.6 views

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address...

7.8CVSS7.1AI score0.00118EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.31 views

Apache Doris Security Bypass Vulnerability

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...

5.3CVSS6.9AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.20 views

Apache Doris Command Execution Vulnerability

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a command execution vulnerability that originates from an unchecked jdbc driver file used by the jdbc directory, whic...

9.8CVSS7.9AI score0.00962EPSS
Exploits0References1
NVD
NVD
added 2023/12/05 3:15 a.m.29 views

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address...

7.8CVSS0.00118EPSS
Exploits0References1
Prion
Prion
added 2023/12/05 3:15 a.m.23 views

Memory corruption

Memory corruption in MPP performance while accessing DSM watermark using external memory address...

4.3CVSS7.4AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2023/12/05 3:3 a.m.74 views

CVE-2023-28550

CVE-2023-28550 affects Qualcomm chipsets, describing memory corruption in MPP performance when accessing the DSM watermark via an external memory address. The vulnerability is tied to improper memory bounds handling within the MPP component, leading to potential high-severity impact (as indicated...

7.8CVSS7.9AI score0.00118EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/05 3:3 a.m.34 views

CVE-2023-28550 Improper Restriction of Operations within the Bounds of a Memory Buffer in MPP Performance

Memory corruption in MPP performance while accessing DSM watermark using external memory address...

7.8CVSS8AI score0.00118EPSS
Exploits0References1
NVD
NVD
added 2017/08/02 2:29 p.m.11 views

CVE-2017-11494

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...

9.8CVSS9.9AI score0.03746EPSS
Exploits4References3
OSV
OSV
added 2017/08/02 2:29 p.m.2 views

CVE-2017-11494

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...

9.8CVSS6.1AI score0.03746EPSS
Exploits4References3
Prion
Prion
added 2017/08/02 2:29 p.m.12 views

Sql injection

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...

7.5CVSS9.9AI score0.03746EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2017/08/02 2:0 p.m.17 views

CVE-2017-11494

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...

10AI score0.03746EPSS
Exploits4References3
Rows per page
Query Builder