8338 matches found

CVE
added 2025/09/09 12:57 p.m. | 24 views

CVE-2025-9161

CVE-2025-9161 affects the FactoryTalk Optix MQTT broker. The vulnerability stems from insufficient URI sanitization, which allows loading of remote Mosquito plugins and can lead to remote code execution. Documented impact is remote code execution; exploitation details are not provided in the supp...

CVSS 8.8 | AI score 7.3 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/09 12:57 p.m. | 8 views

CVE-2025-9161 Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVSS 7.3 | EPSS 0.00519
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/09 12:0 a.m. | 5 views

PT-2025-36730

Name of the Vulnerable Software and Affected Versions: FactoryTalk Optix affected versions not specified Description: A security issue exists in FactoryTalk Optix MQTT broker due to insufficient URI sanitization. This flaw allows the loading of remote Mosquito plugins, potentially leading to remo...

CVSS 7.3 | AI score 7 | EPSS 0.00519
Exploits: 0 | References: 5
RedHat Linux
added 2025/09/08 3:25 a.m. | 8 views

thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different...

CVSS 9.8 | AI score 7.3 | EPSS 0.0053
Exploits: 0 | References: 6
Gitee
added 2025/09/06 12:56 a.m. | 151 views

jaeles

This is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner. The framework is called Jaeles and is designed to be highly customizable. It has a modular architecture, allowing users to easily add or remove plugins to suit their needs. T...

AI score 7
Exploits: 0
RedhatCVE
added 2025/09/05 3:22 p.m. | 6 views

CVE-2025-58625

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from n/a through <= 5.2.5...

CVSS 5.9 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/05 3:22 p.m. | 3 views

CVE-2025-58623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bohemia Plugins Event Feed for Eventbrite event-feed-for-eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through <= 1.3.2...

CVSS 6.5 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1
vulnersOsv
added 2025/09/05 12:0 a.m. | 5 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2024-10492 +1 more via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 2.7 | AI score 5.5 | EPSS 0.00727
Exploits: 0
vulnersOsv
added 2025/09/03 3:30 p.m. | 6 views

org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2025-58459 via org.jenkins-ci.plugins:global-build-stats (=1.2)

org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2025-58459...

CVSS 4.3 | AI score 5.8 | EPSS 0.00258
Exploits: 0
vulnersOsv
added 2025/09/03 3:30 p.m. | 13 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.45.0) +35 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =718.v40b5f0e67cd3,...

CVSS 4.3 | AI score 5.4 | EPSS 0.00288
Exploits: 0
NVD
added 2025/09/03 3:15 p.m. | 4 views

CVE-2025-58625

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from n/a through <= 5.2.5...

CVSS 5.9 | EPSS 0.00165
Exploits: 0 | References: 1
NVD
added 2025/09/03 3:15 p.m. | 13 views

CVE-2025-58613

Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort posts-data-table allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through <= 1.4.10...

CVSS 5.3 | EPSS 0.0027
Exploits: 0 | References: 1
Patchstack
added 2025/09/03 3:8 p.m. | 9 views

WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao - BlueRock in WordPress Plugin Posts Table with Search & Sort versions <= 1.4.10...

CVSS 5.3 | AI score 6.8 | EPSS 0.0027
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2025/09/03 12:0 a.m. | 4 views

PT-2025-35756

Name of the Vulnerable Software and Affected Versions: Bohemia Plugins Event Feed for Eventbrite versions through 1.3.2 Description: The software contains a DOM-Based Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update Bohemia...

CVSS 6.5 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 3
RedhatCVE
added 2025/08/30 6:19 p.m. | 3 views

CVE-2025-0951

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

CVSS 4.3 | AI score 6 | EPSS 0.00182
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-45133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to...

CVSS 9.3 | AI score 8.2 | EPSS 0.0052
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/29 4:25 a.m. | 3 views

CVE-2025-8147 LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function

The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | AI score 5.2 | EPSS 0.00226
Exploits: 0 | References: 4
CVE
added 2025/08/29 4:25 a.m. | 16 views

CVE-2025-8147

The CVE-2025-8147 entry concerns the WordPress LWSCache plugin (versions up to and including 2.8.5). The underlying issue is improper authorization in the lwscache_activatePlugin() function, allowing authenticated users with Subscriber-level access and above to activate arbitrary whitelisted LWS ...

CVSS 4.3 | AI score 5.2 | EPSS 0.00226
Exploits: 0 | References: 4
Positive Technologies
added 2025/08/29 12:0 a.m. | 6 views

PT-2025-35187

Name of the Vulnerable Software and Affected Versions: LWSCache plugin for WordPress versions up to and including 2.8.5 Description: The LWSCache plugin for WordPress is susceptible to unauthorized data modification because of insufficient authorization within the lwscache_activatePlugin function...

CVSS 4.3 | AI score 5.7 | EPSS 0.00226
Exploits: 0 | References: 8
Wordfence Blog
added 2025/08/28 3:46 p.m. | 19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 18, 2025 to August 24, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

CVSS 10 | AI score 8.9 | EPSS 0.16399
Exploits: 11