Lucene search
K

23 matches found

Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/06 6:48 p.m.7 views

Improper Certificate Validation

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Improper Certificate Validation in the ldap process. An attacker can intercept authentication credentials and modify LDAP responses by performing a man-in-the-middle attack...

7.6CVSS5.8AI score0.00094EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/14 12:0 a.m.4 views

CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.5AI score0.00191EPSS
Exploits2
EUVD
EUVD
added 2026/04/09 12:31 a.m.4 views

EUVD-2026-20771

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...

8.4CVSS6AI score0.0075EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31565

Name of the Vulnerable Software and Affected Versions Agions taskflow-ai versions through 2.1.8 Description A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...

6.5CVSS6.5AI score0.0111EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

MiracleLinux 4 : firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4 (AXSA:2012-194:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-194:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

10CVSS8.8AI score0.36511EPSS
Exploits11References6
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-53470

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

3.1CVSS6.8AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 8:15 a.m.5 views

CVE-2025-13405

The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptbdeletecustomtaxonomy function in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with Subscriber-lev...

5.3CVSS0.00229EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/11 12:30 p.m.7 views

EUVD-2025-33849

The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/09/22 6:25 p.m.7 views

CVE-2025-57938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through = 1.9.2...

6.5CVSS5.7AI score0.00203EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/22 1:55 p.m.9 views

WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions = 1.8...

5.9CVSS6AI score0.0017EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/05/27 7:2 a.m.59 views

CVE-2024-47090

CVE-2024-47090 affects Nagvis prior to version 1.9.47 and allows an XSS via the WYSIWYG editor (improper input neutralization). Connected sources confirm Debian/Debian LTS advisory DLA-4233-1 fixes this issue in Debian 11 with Nagvis package 1:1.9.25-2+deb11u2. The Nessus entry also references an...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 5:51 p.m.7 views

CVE-2020-21147

RockOA V1.9.8 is affected by a cross-site scripting XSS vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/modeemailmAction.php does not perform strict filtering...

4.8CVSS6AI score0.00624EPSS
Exploits1
Patchstack
Patchstack
added 2025/02/18 11:27 p.m.7 views

WordPress Trash Duplicate and 301 Redirect plugin <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin Trash Duplicate and 301 Redirect versions = 1.9...

7.5CVSS7AI score0.00502EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/31 6:15 a.m.3 views

CVE-2024-13225

The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00577EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/24 5:25 p.m.7 views

CVE-2025-24696 WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6...

4.3CVSS4.7AI score0.00205EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.5 views

WordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Shabbos and Yom Tov versions = 1.9...

7.1CVSS6.2AI score0.00169EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 5:44 p.m.3 views

WordPress Stylish Internal Links plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Zlrqh Patchstack Alliance in WordPress Plugin Stylish Internal Links versions = 1.9...

6.5CVSS6.1AI score0.00231EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/03/31 12:0 a.m.3 views

WordPress plugin TFO Graphviz 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4CVSS4.5AI score0.00491EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.4 views

PT-2023-27126 · Unknown · Phpscriptpoint Recipepoint

Name of the Vulnerable Software and Affected Versions: phpscriptpoint RecipePoint version 1.9 Description: A critical issue was found in phpscriptpoint RecipePoint, affecting an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking...

9.8CVSS7AI score0.00448EPSS
Exploits0References5
Rows per page
Query Builder