Lucene search
K

8339 matches found

OSV
OSV
added 2025/09/22 8:21 a.m.2 views

SUSE-SU-2025:20751-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser bsc1244407. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlaye...

5.6CVSS6AI score0.00428EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.3 views

PT-2025-38798

Name of the Vulnerable Software and Affected Versions e-plugins Directory Pro versions through 2.5.5 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for potential malicious code...

6.5CVSS7AI score0.0025EPSS
Exploits0References3
Veeam
Veeam
added 2025/09/22 12:0 a.m.41 views

Build Numbers and Versions of Veeam Plug-in for Scale Computing HyperCore

This KB article lists all versions of the Veeam Plug-in for Scale Computing HyperCore and their respective worker build numbers. Version | Plug-In / Worker Build | Release Date ---|---|--- Veeam Plug-in for Scale Computing HyperCore 3 Releases Veeam Plug-in for Scale Computing HyperCore 3.1...

5.8AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/21 7:24 p.m.6 views

CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS8AI score0.00599EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/20 10:33 a.m.25 views

CVE-2025-8565

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1CVSS5.3AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/20 7:31 a.m.15 views

CVE-2023-49565

The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

8.4CVSS9AI score0.00756EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/19 9:31 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of the import directory path configuration. An attacker can execute arbitrary code by uploading a malicious plugin to the prepackaged plugins directory. This is only exploitable if the attacke...

8CVSS7.7AI score0.00599EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/19 9:31 p.m.17 views

Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS8AI score0.00599EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2025/09/19 9:31 p.m.5 views

GHSA-QX3F-6VQ3-8J8M Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS8AI score0.00599EPSS
Exploits0References10
NVD
NVD
added 2025/09/19 8:15 p.m.23 views

CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS0.00599EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/19 7:22 p.m.4 views

CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS7.6AI score0.00599EPSS
Exploits0References1
CVE
CVE
added 2025/09/19 7:22 p.m.32 views

CVE-2025-9079

Mattermost vulnerable versions (10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x

8CVSS7.6AI score0.00599EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/19 7:22 p.m.29 views

CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS0.00599EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.6 views

PT-2025-38614

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.10.x through 10.10.1 Mattermost versions 10.9.x through 10.9.3 Mattermost versions prior to...

9.9CVSS7.6AI score0.02829EPSS
Exploits11References58
Wordfence Blog
Wordfence Blog
added 2025/09/18 2:42 p.m.19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8.8AI score0.00746EPSS
Exploits4
NVD
NVD
added 2025/09/18 10:15 a.m.44 views

CVE-2025-8565

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1CVSS0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/18 6:11 a.m.11 views

CVE-2023-49565 Remote Code Execution

The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

0.00756EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/18 6:11 a.m.3 views

CVE-2023-49565 Remote Code Execution

The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

8.5AI score0.00756EPSS
Exploits0References1
CVE
CVE
added 2025/09/18 6:11 a.m.16 views

CVE-2023-49565

The CVE-2023-49565 entry concerns the cbis_manager Podman container. The vulnerability allows remote command execution through the /api/plugins endpoint due to improper sanitization of HTTP headers X-FILENAME, X-PAGE, and X-FIELD, which are directly used by a subprocess.Popen call without suffici...

8.4CVSS8.5AI score0.00756EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.1 views

WordPress plugin WP Legal Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6.4AI score0.00257EPSS
Exploits0References2
Rows per page
Query Builder