Lucene search
K

30 matches found

CVE
CVE
added 2025/05/15 8:9 p.m.53 views

CVE-2024-2643

CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...

4.8CVSS5.4AI score0.00315EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2025/03/21 4:2 p.m.92 views

CVE-2019-16151

Fortinet FortiOS 6.4.1 and below and FortiOS 6.2.9 and below are affected by an improper neutralization of input during web page generation (CWE-79). A remote unauthenticated attacker can exploit a crafted Host header to redirect users to malicious sites or to execute JavaScript in the victim’s b...

6.1CVSS5.1AI score0.00356EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/02 11:59 a.m.70 views

CVE-2023-45760

CVE-2023-45760: wpDiscuz

8.8CVSS7.3AI score0.004EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/27 9:50 a.m.61 views

CVE-2020-9222

CVE-2020-9222 affects Huawei FusionCompute. The vulnerability is a privilege-escalation issue caused by insufficient verification of specific files during deserialization, enabling local attackers to elevate permissions. Affected product/component: Huawei FusionCompute; root cause: improper deser...

7.8CVSS7AI score0.00111EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/13 2:24 p.m.43 views

CVE-2023-41857

CVE-2023-41857 affects the WordPress Click To Tweet plugin up to version 2.0.14, described as a Missing Authorization / Broken Access Control vulnerability. The initial description and connected entries do not provide an explicit remediation or patched version. CVSS v3.1 base score is 5.4 (Medium...

5.4CVSS8.5AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:24 p.m.52 views

CVE-2023-41695

CVE-2023-41695 is a WordPress plugin issue in Analytify (

8.8CVSS7.3AI score0.00444EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/09 11:30 a.m.156 views

CVE-2023-47838

CVE-2023-47838 affects the WordPress plugin Conditional Fields for Contact Form 7 (cf7-conditional-fields). Root cause: Missing Authorization / Broken Access Control due to incorrectly configured access control levels, allowing exploitation by low-privilege users. Affected versions:

4.3CVSS7.3AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2024/12/02 9:30 p.m.57 views

CVE-2018-9426

CVE-2018-9426 summary (concrete details from connected docs) Root cause: In RSAKeyPairGenerator.getNumberOfIterations (RSAKeyPairGenerator.java), an incorrect implementation can produce weak RSA key pairs. Impact: Crypto vulnerability with no additional execution privileges; no user interaction r...

7.5CVSS6.8AI score0.00243EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/02 9:26 p.m.54 views

CVE-2018-9423

CVE-2018-9423 affects the Media framework component (ihevcd_parse_slice_header.c) where a missing bounds check allows an out-of-bounds read, leading to DoS. Exploitation requires user interaction. Several connected sources (NVD/Red Hat/Android bulletin) confirm the issue and cite the root cause. ...

6.5CVSS6.8AI score0.00156EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/11/26 8:55 a.m.58 views

CVE-2018-11922

Technical details (affected product/version, root cause, impact, fixes) for CVE-2018-11922 are not publicly available in the provided connected documents. Monitor for updates from vendors and security bulletins.

9.8CVSS9.6AI score0.00227EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/11/15 4:15 p.m.82 views

CVE-2022-20633

Cisco ECE (Enterprise Chat and Email) web-based management interface is affected by CVE-2022-20633. The issue arises from differences in authentication responses during login, enabling unauthenticated remote attackers to perform username enumeration and confirm existing user accounts. The vulnera...

5.3CVSS5.4AI score0.00745EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/07/16 10:14 p.m.100 views

CVE-2024-2884

CVE-2024-2884 describes an out-of-bounds read in V8 (Chrome’s JavaScript engine) that could be triggered by a crafted HTML page. Affected product: Google Chrome (Linux/Mac/Windows) with versions prior to 121.0.6167.139. Root cause is an out-of-bounds memory access in V8, allowing remote attackers...

6.5CVSS6AI score0.00247EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/06/12 9:47 a.m.107 views

CVE-2023-44234

CVE-2023-44234 affects the WordPress WP GPX Maps plugin (WP GPX Maps) up to version 1.7.08. Root cause: Missing Authorization (Broken Access Control) allows access to resources without proper permission validation. Documented severity is low (CVSS ~4.3). Public references indicate the vulnerabili...

4.3CVSS4.6AI score0.00277EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/06/04 6:37 p.m.58 views

CVE-2024-25095

CVE-2024-25095 affects WordPress plugin Easy Forms for Mailchimp (

7.5CVSS7.6AI score0.00421EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/06/04 12:22 p.m.40 views

CVE-2023-51511

CVE-2023-51511 involves Booster Elite for WooCommerce (Pluggabl LLC) with an improper authentication vulnerability that allows accessing functionality not properly constrained by ACLs. Affected software: Booster Elite for WooCommerce prior to version 7.1.3. Public references indicate a base CVSS ...

6.5CVSS6.5AI score0.00373EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/08 8:56 a.m.68 views

CVE-2023-41651

CVE-2023-41651 corresponds to a WordPress plugin vulnerability in the Multi-column Tag Map plugin (versions

6.5CVSS8.6AI score0.00412EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 1:59 a.m.88 views

CVE-2023-38104

CVE-2023-38104 affects GStreamer realmedia parsing: the MDPR chunk parsing path allows an integer overflow when allocating buffers, enabling remote code execution in the context of the affected process. The vulnerability is network-remote with no user authentication required and requires user int...

8.8CVSS8.5AI score0.01201EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/25 10:53 a.m.26 views

CVE-2020-38712

The IBM bulletin ties CVE-2020-38712 to SOAPAction spoofing in JAX-WS Web Services processing, affecting IBM WebSphere Application Server and IBM Security Verify Governance/Identity Manager component. Affected products include WebSphere Application Server versions 9.0, 8.5, 8.0, and 7.0, and the ...

7.3AI score
Exploits0
CVE
CVE
added 2023/04/18 1:45 p.m.20 views

CVE-2018-14578

The connected Veracode entry identifies a concrete vulnerability in yiisoft/yii2: CSRF due to unvalidated request methods in yii\web\Request::getMethod(), allowing an attacker to bypass CSRF token checks by downgrading the HTTP method to read methods such as GET, HEAD or OPTIONS.

7.2AI score
Exploits0
CVE
CVE
added 2023/02/21 9:48 p.m.23 views

CVE-2018-1681

CVE-2018-1681 affects IBM Data Science Experience Local. The IBM security bulletin confirms a vulnerability that could disclose highly sensitive information to a local unprivileged user. Affected versions are IBM Data Science Experience Local 1.1.0, 1.1.1, 1.1.2, 1.1.3, and 1.2.0. The remediation...

7.2AI score
Exploits0
Rows per page
Query Builder