
8338 matches found

OSV
added 2025/08/13 4:16 a.m. · 4 views

CVE-2025-0818

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...

6.5 CVSS · 5.8 AI score · 0.00697 EPSS
Exploits 0 · References 8
CVE
added 2025/08/13 3:42 a.m. · 35 views

CVE-2025-0818

The CVE-2025-0818 entry maps to a Directory Traversal affecting several WordPress file-manager plugins using elFinder up to version 2.1.64. Connected sources confirm concrete exploit details: unauthenticated attackers can delete arbitrary files when a file-manager instance is exposed to users. Re...

6.5 CVSS · 6.9 AI score · 0.00697 EPSS
Exploits 0 · References 8
Cvelist
added 2025/08/13 3:42 a.m. · 11 views

CVE-2025-0818 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...

6.5 CVSS · 0.00697 EPSS
Exploits 0 · References 8
OSSF Malicious Packages
added 2025/08/13 3:28 a.m. · 3 views

Malicious code in rush-plugins (npm)

The package communicates with a domain associated with malicious activity.

6.9 AI score
Exploits 0
OSV
added 2025/08/13 3:28 a.m. · 1 views

MAL-2025-6955 Malicious code in rush-plugins (npm)

The package communicates with a domain associated with malicious activity.

7 AI score
Exploits 0
Positive Technologies
added 2025/08/13 12:0 a.m. · 3 views

PT-2025-32965

Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.3 Description: The plugin is susceptible to a PHP Object Injection due to the deserialization of untrusted input within the get lead...

9.8 CVSS · 6.3 AI score · 0.01589 EPSS
Exploits 0 · References 18
Positive Technologies
added 2025/08/13 12:0 a.m. · 5 views

PT-2025-33082 · Traq · Traq

Name of the Vulnerable Software and Affected Versions: Traq versions 2.0 through 2.3 Description: Traq versions 2.0 through 2.3 contain a remote code execution issue in the admincp/common.php script. The flawed authorization logic does not halt execution after a failed access check, allowing...

10 CVSS · 7.7 AI score · 0.01489 EPSS
Exploits 0 · References 8
Snyk
added 2025/08/12 5:44 p.m. · 1 views

Improper Access Control

Overview Affected versions of this package are vulnerable to Improper Access Control in certain device plugins, which can allow denial of service. Remediation Upgrade github.com/intel/intel-device-plugins-for-kubernetes/cmd/internal/labeler to version 0.32.0 or higher. References - GitHub Commit ...

6.7 CVSS · 6.9 AI score · 0.00133 EPSS
Exploits 0 · References 2
NVD
added 2025/08/12 5:15 p.m. · 2 views

CVE-2025-24313

Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...

6.7 CVSS · 0.00133 EPSS
Exploits 0 · References 1
CVE
added 2025/08/12 4:58 p.m. · 14 views

CVE-2025-24313

CVE-2025-24313 affects Intel Device Plugins for Kubernetes prior to version 0.32.0. The root cause is improper access control in certain device plugin components, which can allow a privileged local attacker to trigger a denial of service, affecting availability. The official Intel advisory and co...

6.7 CVSS · 6.8 AI score · 0.00133 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/12 4:58 p.m. · 5 views

CVE-2025-24313

Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...

6.7 CVSS · 0.00133 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/12 4:58 p.m. · 2 views

CVE-2025-24313

Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...

6.7 CVSS · 6.8 AI score · 0.00133 EPSS
Exploits 0 · References 1
NVD
added 2025/08/12 4:15 p.m. · 6 views

CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

9.1 CVSS · 0.0087 EPSS
Exploits 1 · References 3
CVE
added 2025/08/12 3:57 p.m. · 24 views

CVE-2025-55010

Kanboard before 1.2.47 is affected by an unsafe deserialization in ProjectEventActvityFormatter that lets an admin modify event["data"] in project_activities to instantiate arbitrary PHP objects, enabling a gadget to write a web shell in /plugins and achieve remote code execution. The issue has b...

9.1 CVSS · 8.1 AI score · 0.0087 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2025/08/12 3:57 p.m. · 8 views

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

9.1 CVSS · 0.0087 EPSS
Exploits 1 · References 3
OSV
added 2025/08/12 3:57 p.m. · 7 views

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

9.1 CVSS · 8 AI score · 0.0087 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/08/12 6:42 a.m. · 1 views

CVE-2025-8418 B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activatedplugin function. This makes it possible for authenticated attackers, with...

8.8 CVSS · 7.8 AI score · 0.00548 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/08/12 12:28 a.m. · 8 views

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...

3 CVSS · 7.3 AI score · 0.00257 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32726 · Intel · Intel Device Plugins For Kubernetes

Name of the Vulnerable Software and Affected Versions: Intel Device Plugins for Kubernetes versions prior to 0.32.0 Description: Improper access control in certain Device Plugins for Kubernetes software maintained by Intel may allow a privileged user to potentially cause a denial of service via...

6.7 CVSS · 7 AI score · 0.00133 EPSS
Exploits 0 · References 3
CNNVD
added 2025/08/12 12:0 a.m. · 2 views

Intel Device Plugins for Kubernetes Access Control Error Vulnerability

Intel Device Plugins for Kubernetes is a set of frameworks and implementations developed by Intel for exposing hardware resources such as GPUs, FPGAs, etc. to container applications in a Kubernetes cluster. An improper access control vulnerability exists in Intel Device Plugins for Kubernetes,...

6.7 CVSS · 6.6 AI score · 0.00133 EPSS
Exploits 0 · References 2