Lucene search
K

712 matches found

CNNVD
CNNVD
added 2021/06/21 12:0 a.m.4 views

WordPress 竞争条件问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...

8.1CVSS7.6AI score0.01183EPSS
Exploits2References1
CNVD
CNVD
added 2021/06/09 12:0 a.m.15 views

WordPress FlightLo plugin SQL Injection Vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress FlightLo plug...

7.2CVSS7.3AI score0.01547EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2021/06/08 8:11 p.m.118 views

Remote code execution in zendframework and laminas-http

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS9.5AI score0.75313EPSS
Exploits3References7Affected Software2
OSV
OSV
added 2021/06/08 8:11 p.m.72 views

GHSA-XX8F-QF9F-5FGW Remote code execution in zendframework and laminas-http

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS9.7AI score0.75313EPSS
Exploits3References6
CNVD
CNVD
added 2021/06/06 12:0 a.m.8 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-44296)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Funnel Builder by CartFlows - Create High Converting Sale...

4.8CVSS5.3AI score0.00652EPSS
Exploits2References1
CNVD
CNVD
added 2021/05/27 12:0 a.m.9 views

Joomla! cross-site request forgery vulnerability (CNVD-2021-38295)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...

6.5CVSS6.6AI score0.00604EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/24 12:0 a.m.9 views

WordPress plugin cross-site request forgery vulnerability (CNVD-2021-37475)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . 404 SEO Redirection Cross-site request forgery...

6.5CVSS6.7AI score0.0056EPSS
Exploits2References1
CNVD
CNVD
added 2021/05/24 12:0 a.m.7 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-37474)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in version 1....

6.1CVSS5.7AI score0.00827EPSS
Exploits2References1
CNVD
CNVD
added 2021/05/21 12:0 a.m.9 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-39959)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in Happy Addo...

5.4CVSS5.5AI score0.00636EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/20 12:0 a.m.10 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-36524)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in the...

4.8CVSS5.8AI score0.00743EPSS
Exploits2References1
CNVD
CNVD
added 2021/05/20 12:0 a.m.9 views

WordPress plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in versions o...

6.1CVSS5.8AI score0.10358EPSS
Exploits5References1
CNVD
CNVD
added 2021/05/14 12:0 a.m.7 views

WordPress WPBakery Page Builder Clipboard Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WPBakery Page Builder Visual Composer...

5.4CVSS5.8AI score0.00703EPSS
Exploits2References1
CNVD
CNVD
added 2021/05/11 12:0 a.m.9 views

SKYUC video-on-demand system has SQL injection vulnerability

SKYUC video on demand system is a theater solution built using PHP language and MYSQL database. SKYUC Video-on-Demand System suffers from SQL injection vulnerability. Attackers can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2021/05/01 12:0 a.m.5 views

Dream CMS has multiple vulnerabilities

Dream CMS lmxcms is developed using php language and mysql database, and adopts the mainstream MVC design model. Dream CMS has multiple vulnerabilities that can be exploited by attackers to obtain sensitive database information...

7.1AI score
Exploits0
CNVD
CNVD
added 2021/04/16 12:0 a.m.9 views

Wordpress XXE Vulnerability

WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system CMS. A XXE vulnerability exists in Wordpress versions 5.6 - 5.7. The vulnerability stems from an...

7.1CVSS6.5AI score0.85719EPSS
Exploits20References1
CNVD
CNVD
added 2021/04/14 12:0 a.m.3 views

Rgcms 2.0-build2021040501 has a file upload vulnerability

Rgcms is an open source building management system, written in PHP language, the system features free, extended, extremely safe, free and open source. Rgcms 2.0-build2021040501 file upload vulnerability , an attacker can use the vulnerability to obtain control of the server...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.5 views

The vulnerability of the openssl_encrypt() function in the PHP programming language allows a perpetrator to gain access to confidential data and compromise its integrity.

The vulnerability of the opensslencrypt function in the PHP programming language is related to weak encryption methods. Exploiting this vulnerability allows an attacker to gain access to confidential data and compromise its integrity...

6.5CVSS6.8AI score0.02055EPSS
Exploits0References11Affected Software5
CNVD
CNVD
added 2021/03/05 12:0 a.m.10 views

Joomla! cross-site scripting vulnerability (CNVD-2021-15050)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 2.5.0 - 3.9.24. The...

6.1CVSS5.9AI score0.00942EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/05 12:0 a.m.8 views

Joomla! path traversal vulnerability (CNVD-2021-16936)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 3.0.0 - 3.9.24. An attacker can...

5.5CVSS6.5AI score0.01161EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/05 12:0 a.m.10 views

Joomla! Template Manager Missing Input Validation Vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A vulnerability exists in Joomla! 3.2.0 - 3.9.24 where the template manager lacks...

7.5CVSS6.7AI score0.01546EPSS
Exploits0References1
Rows per page
Query Builder