Lucene search
+L

115 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:50 p.m.7 views

CVE-2022-30960

Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.0073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.8 views

CVE-2021-21628

Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score0.81907EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.4 views

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

7.2CVSS7.1AI score0.01112EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.13 views

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score0.88476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.6 views

CVE-2021-21622

Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score0.09387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:32 a.m.10 views

CVE-2016-11061

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the...

10CVSS7.7AI score0.01986EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin illi Link Party 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS8AI score0.00265EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.4 views

WordPress plugin PGS Core SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS8.2AI score0.00347EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2025/05/01 12:0 a.m.26 views

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...

10CVSS8.1AI score0.00664EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2025/03/13 6:15 a.m.7 views

CVE-2024-13885

The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00253EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.5 views

WordPress plugin KiviCare – Clinic & Patient Management System (EHR) SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.8CVSS8.8AI score0.00486EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/02/15 11:26 a.m.12 views

CVE-2024-13488 LTL Freight Quotes – Estes Edition <= 3.3.7 - Unauthenticated SQL Injection

The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5CVSS0.01104EPSS
Exploits3References4
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.5 views

WordPress plugin Legull 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.1CVSS8.2AI score0.00541EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.10 views

WordPress plugin Eventer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS9.2AI score0.00446EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.7 views

WordPress plugin MDTF SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS8.8AI score0.00506EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.7 views

PT-2024-39213 · WordPress · Mailmunch

Name of the Vulnerable Software and Affected Versions: The MailMunch – Grow your Email List plugin for WordPress versions up to, and including, 3.1.8 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This...

6.1CVSS8.7AI score0.0048EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.6 views

WordPress plugin AI Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.7CVSS7.3AI score0.0045EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/08/17 2:0 a.m.5 views

SUSE CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

9.9CVSS8AI score0.01603EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.6 views

WordPress plugin wp-cart-for-digital-products 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.7AI score0.00378EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/08/08 12:0 a.m.8 views

Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the fact that the vulnerability originates from its new Twig tag, which is used to mute discarded...

9.8CVSS7.1AI score0.00863EPSS
Exploits0References6
Rows per page
Query Builder