
8338 matches found

CNNVD
added 2025/09/18 12:00 a.m., 1 view

WordPress plugin WP Legal Pages security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 | AI score 6.4 | EPSS 0.00257
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/18 12:00 a.m., 9 views

PT-2025-38306

Name of the Vulnerable Software and Affected Versions WP Legal Pages plugin for WordPress versions up to and including 3.4.3 Description The WP Legal Pages plugin for WordPress is susceptible to unauthorized access of functionality due to a missing capability check on the wplp gdpr install plugin...

CVSS 8.1 | AI score 5.7 | EPSS 0.00257
Exploits: 0 | References: 7
vulnersOsv
added 2025/09/17 8:24 p.m., 4 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +137 more potentially affected by CVE-2025-8419 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.2.5)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-8419 Source advisory:...

CVSS 5.3 | AI score 6.5 | EPSS 0.00383
Exploits: 0
vulnersOsv
added 2025/09/17 3:30 p.m., 6 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1878 more potentially affected by CVE-2025-59476 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.516.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-59476 Source advisory: OSV:GHSA-QRH5-JG98-CR48...

CVSS 5.3 | AI score 7.2 | EPSS 0.00335
Exploits: 0
Veracode
added 2025/09/17 9:50 a.m., 5 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during plugin import operations, which allows an attacker with restricted admin privileges to install unauthorized custom plugins by bypassing plugin signature...

CVSS 6.8 | AI score 6.6 | EPSS 0.00461
Exploits: 0 | References: 4 | Affected Software: 4
RedHat Linux
added 2025/09/16 8:12 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.1 release.

Red Hat Developer Hub 1.7.1 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 9.1 | AI score 6.5 | EPSS 0.00651
Exploits: 2 | References: 8
Metasploit
added 2025/09/16 6:53 p.m., 1054 views

Obsidian Plugin Persistence

This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled (NOT restricted mode), but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...

AI score 5.9
Exploits: 0
Amazon
added 2025/09/16 12:00 a.m., 3 views

Medium: gstreamer1-plugins-good

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. (CVE-2024-47544) In GStreamer through 1.26.1, the isomp4 plugin's...

CVSS 8.1 | AI score 7 | EPSS 0.01051
Exploits: 2
Amazon
added 2025/09/16 12:00 a.m., 3 views

Medium: gstreamer1-plugins-base

Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. (CVE-2025-47806) In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer whil...

CVSS 5.6 | AI score 7 | EPSS 0.00428
Exploits: 3
Tenable Nessus
added 2025/09/16 12:00 a.m., 6 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-3003 (ALAS-2025-3003)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3003 advisory. GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbg...

CVSS 8.1 | AI score 7.3 | EPSS 0.01051
Exploits: 2 | References: 8
Gitee
added 2025/09/14 5:14 p.m., 131 views

fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion (LFI/RFI) bugs in web applications. It can identify and exploit file inclusion bugs, including include, include_once, require, and require_once functions. The tool has a...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/09/12 7:11 a.m., 3 views

CVE-2025-9463

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

CVSS 6.5 | AI score 6.6 | EPSS 0.00287
Exploits: 0 | References: 1
Wordfence Blog
added 2025/09/11 3:34 p.m., 20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

CVSS 9.8 | AI score 8.7 | EPSS 0.01158
Exploits: 4
RedhatCVE
added 2025/09/11 1:23 p.m., 16 views

CVE-2025-9161

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVSS 7.3 | AI score 7.4 | EPSS 0.00519
Exploits: 0 | References: 1
Cvelist
added 2025/09/10 6:38 a.m., 7 views

CVE-2025-9463 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

CVSS 6.5 | EPSS 0.00287
Exploits: 0 | References: 4
CVE
added 2025/09/10 6:38 a.m., 18 views

CVE-2025-9463

CVE-2025-9463 concerns the PeachPay Payments plugin for WooCommerce (and related Payments Plugin for WooCommerce) with a time-based SQL Injection via the order_by parameter. Wordfence’s details specify that all versions up to 1.117.5 are affected due to insufficient escaping and query preparation...

CVSS 6.5 | AI score 6 | EPSS 0.00287
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/10 12:00 a.m., 4 views

PT-2025-37021

Name of the Vulnerable Software and Affected Versions: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net versions prior to 1.117.6 Description: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for...

CVSS 6.5 | AI score 6.7 | EPSS 0.00287
Exploits: 0 | References: 7
Tenable Nessus
added 2025/09/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-15251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass...

CVSS 7.7 | AI score 6.7 | EPSS 0.01128
Exploits: 0 | References: 2
Wordfence Blog
added 2025/09/09 3:38 p.m., 9 views

The Price of ‘Free’: How Nulled Plugins Are Used to Weaken Your Defense

The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with "nulled plugins", or premium plugins that have been tampered with by third parties. This campaign is particularly concerning because it doesn't just infect websites: it...

AI score 7.2
Exploits: 0
Vulnrichment
added 2025/09/09 12:57 p.m., 3 views

CVE-2025-9161 Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVSS 7.3 | AI score 7.3 | EPSS 0.00519
Exploits: 0 | References: 1