Lucene search
+L

601 matches found

OSV
OSV
added 2025/12/06 11:42 a.m.6 views

BIT-MONGODB-2025-11979 Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoD...

6.5CVSS7AI score0.00251EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.14 views

CVE-2025-12186

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 7:16 a.m.6 views

CVE-2025-12186

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 6:7 a.m.32 views

CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 6:7 a.m.2 views

CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS4.7AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/05 6:7 a.m.4 views

EUVD-2025-201361

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS4.6AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 6:7 a.m.19 views

CVE-2025-12186

CVE-2025-12186 (Weekly Planner WordPress plugin) is a stored XSS vulnerability affecting Weekly Planner versions up to 1.0. The flaw arises from insufficient input sanitization and output escaping in admin/settings, enabling authenticated attackers with administrator-level privileges (including m...

4.4CVSS4.7AI score0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.3 views

WordPress plugin Weekly Planner 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

4.4CVSS5.7AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49224

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5AI score0.00173EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/04 11:15 p.m.7 views

WordPress Weekly Planner plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Weekly Planner versions = 1.0...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Divide By Zero (CVE-2019-16168)

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a severe division by zero in the query planner. This plugin only works with Tenable.ot. Please visit...

6.5CVSS6.8AI score0.04219EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.10 views

CVE-2025-11891

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.7 views

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.7 views

EUVD-2025-60975

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS5.3AI score0.00305EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/11 6:30 a.m.7 views

EUVD-2025-60977

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS4.9AI score0.00269EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 4:15 a.m.6 views

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS0.00269EPSS
Exploits0References2
NVD
NVD
added 2025/11/11 4:15 a.m.6 views

CVE-2025-11891

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS0.00305EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.26 views

CVE-2025-11891

CVE-2025-11891 : Shelf Planner (WordPress) up to version 2.7.0 exposes log files publicly, enabling unauthenticated access to sensitive information. Several connected sources (Wordfence, Patchstack, PT Security, CVE listings) corroborate the flaw and patch status. Patch available: Shelf Planner s...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.14 views

CVE-2025-11891 Shelf Planner <= 2.8.1 - Unauthenticated Information Exposure via Log Files

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.5 views

CVE-2025-11891 Shelf Planner <= 2.7.0 - Unauthenticated Information Exposure via Log Files

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS5.4AI score0.00305EPSS
Exploits0References2
Rows per page
Query Builder