Lucene search

13 matches found

Positive Technologies
added 2026/06/09 12:0 a.m. | 13 views

PT-2026-47705

Name of the Vulnerable Software and Affected Versions: DBI versions prior to 1.648. Description: Error messages returned when RaiseError, PrintError, or HandleError are enabled are written to a 200-byte buffer that lacks a length limit. Attackers capable of influencing the error text within an...

CVSS 9.8 | AI score 5.7 | EPSS 0.00413
Exploits: 0 | References: 37
Positive Technologies
added 2026/05/12 12:0 a.m. | 15 views

PT-2026-39948

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in...

CVSS 4.3 | AI score 5.8 | EPSS 0.00271
Exploits: 0 | References: 8
CVE
added 2026/03/26 1:2 a.m. | 10 views

CVE-2026-4831

CVE-2026-4831 affects kalcaddle kodbox 1.64. The vulnerability is described as an improper authentication in the Password-protected Share Handler, specifically in the file /workspace/source-code/app/controller/explorer/auth.class.php. The issue can be exploited remotely; attack complexity is high...

CVSS 6.3 | AI score 4.9 | EPSS 0.0048
Exploits: 0 | References: 4
RedHat Linux
added 2026/03/24 7:31 a.m. | 11 views

Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.6.4

Red Hat OpenShift Builds 1.6.4 Releases of Red Hat OpenShift Builds 1.6.4...

CVSS 10 | AI score 6.8 | EPSS 0.01945
Exploits: 2 | References: 8
Cvelist
added 2026/02/18 7:52 p.m. | 22 views

CVE-2026-23491 InvoicePlane has Unauthenticated Path Traversal in Guest Controller

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the getfile method of the Guest module's Get controller in InvoicePlane up to and including 1.6.3. The vulnerability allows unauthenticated attacker...

CVSS 9.3 | EPSS 0.0105
Exploits: 2 | References: 2
Vulnrichment
added 2026/01/22 4:52 p.m. | 4 views

CVE-2025-69193 WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through = 1.6.4...

AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:42 a.m. | 10 views

CVE-2022-31164

Tovy is a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...

CVSS 7.5 | AI score 6.6 | EPSS 0.00543
Exploits: 0 | References: 1
CNNVD
added 2025/11/06 12:0 a.m. | 5 views

WordPress plugin Simple Contact Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.1 | AI score 6.7 | EPSS 0.00395
Exploits: 0 | References: 1
NVD
added 2025/10/27 9:15 p.m. | 7 views

CVE-2025-62782

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved ...

CVSS 5.9 | EPSS 0.00238
Exploits: 0 | References: 3
RedhatCVE
added 2025/08/15 9:29 p.m. | 13 views

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of...

CVSS 10 | AI score 8.3 | EPSS 0.0186
Exploits: 1 | References: 1
OSV
added 2024/07/02 2:15 a.m. | 5 views

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 5.4 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 2
Circl
added 2022/05/10 8:32 p.m. | 8 views

CVE-2022-1649

creationtimestamp | type | source
---|---|---
2022-05-10 20:32:48+00:00 | seen | https://t.me/cibsecurity/42267...

CVSS 7.6 | AI score 6.5 | EPSS 0.00681
Exploits: 1 | References: 1
Circl
added 2008/04/01 12:0 a.m. | 5 views

CVE-2008-1649

creationtimestamp | type | source
---|---|---
2008-04-01 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/5333...

CVSS 4.3 | AI score 5.8 | EPSS 0.01901
Exploits: 1 | References: 1