Lucene search
+L

73 matches found

Vulnrichment
Vulnrichment
added 2025/12/04 4:29 a.m.3 views

CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00271EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/10/29 11:17 p.m.521 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...

9.8CVSS7.7AI score0.99947EPSS
Exploits18
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-19880

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.06479EPSS
Exploits3References7
SUSE CVE
SUSE CVE
added 2025/08/14 2:53 a.m.4 views

SUSE CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

3.7CVSS7.3AI score0.00394EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/08/13 2:46 p.m.4 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.7AI score0.00394EPSS
Exploits0
NVD
NVD
added 2025/07/03 2:15 p.m.17 views

CVE-2025-5961

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...

7.2CVSS0.06479EPSS
Exploits3References7
Vulnrichment
Vulnrichment
added 2025/07/03 1:44 p.m.12 views

CVE-2025-5961 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...

7.2CVSS8AI score0.06479EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.10 views

PT-2025-27805 · WordPress · Wpvivid Backup/Migration

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress versions up to, and including, 0.9.116 Description: The issue is related to arbitrary file uploads due to missing file type validation in the wpvivid upload import...

7.2CVSS7.3AI score0.06479EPSS
Exploits3References14
OSV
OSV
added 2025/05/30 1:48 p.m.2 views

OESA-2025-1563 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

7.5CVSS6.6AI score0.00586EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.15 views

CVE-2024-1076

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...

6.5CVSS6.4AI score0.00413EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:38 p.m.6 views

CVE-2022-41347

An issue was discovered in Zimbra Collaboration ZCS 8.8.x and 9.x e.g., 8.8.15. The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...

7.8CVSS7.7AI score0.00401EPSS
Exploits1References1
NVD
NVD
added 2025/02/22 1:15 p.m.18 views

CVE-2024-13869

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

7.2CVSS0.02076EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/02/22 12:39 p.m.16 views

CVE-2024-13869 Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

7.2CVSS7.3AI score0.02076EPSS
Exploits2References4
CVE
CVE
added 2025/02/22 12:39 p.m.78 views

CVE-2024-13869

CVE-2024-13869 affects Migration, Backup, Staging – WPvivid Backup & Migration for WordPress. Wordfence notes a vulnerability in the wpvivid_upload_file path that allows an authenticated attacker with Admin+ privileges to upload arbitrary files, enabling potential remote code execution. Versions ...

7.2CVSS7.3AI score0.02076EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.5 views

PT-2024-16388 · Nginx · Nginx

Name of the Vulnerable Software and Affected Versions: Opt-In Downloads plugin for WordPress versions up to, and including, 4.07 Description: The issue is related to missing file type validation in the admin upload function, allowing authenticated attackers with Subscriber-level access and above ...

8.8CVSS8AI score0.00811EPSS
Exploits0References7
OSV
OSV
added 2024/05/08 6:15 a.m.4 views

CVE-2024-1076

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...

6.5CVSS5.6AI score0.00413EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.7 views

WordPress plugin SSL Zen 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.3AI score0.00413EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/04/09 12:0 a.m.4 views

F5 Nginx 缓冲区错误漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in F5 Nginx NJS version...

7.5CVSS7.2AI score0.00732EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.7 views

PT-2023-11529 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS affected versions not specified Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the njs object property parameter of the njs/njs vm.c function, specifically through the njs object property...

9.8CVSS9.6AI score0.01333EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/11/03 12:0 a.m.6 views

The vulnerability of the njs_promise_reaction_job function in the njs interpreter of the nginx server allows a attacker to cause a service failure.

The vulnerability of the njspromisereactionjob function in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.8CVSS7.6AI score0.0074EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder