Lucene search
K

28 matches found

EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51704

Name of the Vulnerable Software and Affected Versions MotorDesk versions prior to 1.1.3 Description The MotorDesk plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw, which occurs when a web application allows an attacker to induce a user to perform actions they do not intend to...

4.3CVSS5.6AI score0.00145EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/11 1:26 p.m.12 views

Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

5.5AI score0.00023EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/06 5:16 a.m.13 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS0.00261EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.3 views

CVE-2026-27166

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

5.4CVSS5.7AI score0.00187EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/14 3:16 p.m.3 views

CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

5.5CVSS5.8AI score0.00102EPSS
Exploits0References6
CVE
CVE
added 2026/01/14 3:7 p.m.19 views

CVE-2025-71139

CVE-2025-71139 – Linux kernel kexec CMA/IMA handling : The issue arises when the kexec target address is allocated in CMA space. The kernel’s kimage_map_segment() path assumes IND_SOURCE pages exist and maps them via vmap(), but CMA-based allocation bypasses IND_SOURCE, leading to a warning and i...

5.5CVSS6.1AI score0.00102EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201880

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS4.8AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:17 p.m.3 views

CVE-2025-13604

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 4:36 a.m.2 views

CVE-2025-13604 Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS4.9AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49799

Name of the Vulnerable Software and Affected Versions CleanTalk plugin for WordPress versions prior to 2.169 Description The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization an...

7.2CVSS5.9AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-4178

Malware in sbrugna...

5CVSS6.1AI score0.01961EPSS
Exploits0References18
OSV
OSV
added 2025/08/27 5:19 p.m.5 views

DRUPAL-CONTRIB-2025-101

This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...

6.5CVSS6.9AI score0.00355EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/08/06 2:1 a.m.3 views

SUSE CVE-2024-41048

In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in skmsgrecvmsg When running BPF selftests ./testprogs -t sockmapbasic on a Loongarch platform, the following kernel panic occurs: ... Oops1: CPU: 22 PID: 2824 Comm: testprogs Tainted: G OE 6.10.0-rc2+...

6.5CVSS6.3AI score0.00273EPSS
Exploits0References16
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from passing a null pointer to the pageaddress function in the skmsgrecvmsg function when handling zero-length...

5.5CVSS6.3AI score0.00273EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.5 views

PT-2023-7654 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to the lack of protection of the web page structure in Adobe Experience Manager AEM, which can be exploited by a remote attacker to execute arbitrary code....

5.5CVSS5.2AI score0.00597EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/05/09 5:15 p.m.6 views

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

6.1CVSS5.8AI score0.00773EPSS
Exploits2References2
OSV
OSV
added 2020/03/25 10:15 p.m.3 views

CVE-2020-6808

When a JavaScript URL javascript: is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL as reported by the document.location property, for example was the originating javascript: URL which could lead to...

6.5CVSS7AI score0.01039EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2015/10/01 12:0 a.m.8 views

The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.

The vulnerability of the Safari browser’s user interface on the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a web page by changing its URL address...

4.3CVSS5.6AI score0.01915EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/04/02 12:0 a.m.3 views

SAP EMR Unwired and Clinical Task Tracker Access Restriction Bypass Vulnerabilities

SAP EMR Unwired is a mobile app that enables physicians and nurses to instantly access patient data when they need it.SAP Clinical Task Tracker is an easy and secure way to access clinical tasks assigned to your patients anytime, anywhere. SAP EMR Unwired and Clinical Task Tracker fail to properl...

6.4CVSS6.8AI score0.01209EPSS
Exploits0References1
Rows per page
Query Builder