
8338 matches found

OSV
added 2025/07/29 1:38 p.m. | 3 views

RLSA-2025:7894 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect (CVE-2025-4123) For more details about the security issues, including the impact, ...

CVSS 7.6 | AI score 5.9 | EPSS 0.97809
Exploits: 6 | References: 2
CVE
added 2025/07/29 9:23 a.m. | 10 views

CVE-2025-6730

CVE-2025-6730 : Bonanza – WooCommerce Free Gifts Lite (WordPress) up to version 1.0.0 is vulnerable to unauthorized data modification due to a missing capability check in xlo_optin_call(). Authenticated users with Subscriber level access and above can set the opt-in status to success. Impact is l...

CVSS 4.3 | AI score 6.1 | EPSS 0.00184
Exploits: 0 | References: 2
HackRead
added 2025/07/28 5:45 p.m. | 5 views

macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers

macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls...

AI score 6.5
Exploits: 0
Microsoft Secure
added 2025/07/28 4:00 p.m. | 24 views

Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

Microsoft Threat Intelligence has discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as files in the Downloads folder, as well as caches utilized by Apple Intelligence. While similar to prio...

CVSS 7 | AI score 7.2 | EPSS 0.13453
Exploits: 1
Gitee
added 2025/07/27 4:39 a.m. | 105 views

Sitadel

This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible for Python = 3.4. It allows more flexibility for users to write new modules and implement new features, such as frontend framework detection, content delivery network detection, and plugi...

AI score 7.1
Exploits: 0
Vulnrichment
added 2025/07/27 4:23 a.m. | 3 views

CVE-2025-8104 Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function

The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin function. This makes it possible for unauthenticated attackers to silently install one of the several...

CVSS 4.3 | AI score 6 | EPSS 0.00176
Exploits: 0 | References: 4
OSV
added 2025/07/26 8:52 a.m. | 1 views

MAL-2025-6250 Malicious code in @grafanacloud/plugins-platform-backend (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eb7ac91dd5a55c67e31e4875b9f32f5a8778e2d25e69dc79e81d418356990fa8 The OpenSSF Package Analysis project identified...

AI score 7.3
Exploits: 0
OPENSUSE Linux
added 2025/07/26 12:00 a.m. | 2 views

Security update for gstreamer-plugins-bad (important)

openSUSE Security Update: Security update for gstreamer-plugins-bad Announcement ID: openSUSE-SU-2025:0229-1 Rating: important References: 1242809 Cross-References: CVE-2025-3887 CVSS scores: CVE-2025-3887 SUSE: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products...

CVSS 8.6 | AI score 7.7 | EPSS 0.00708
Exploits: 0 | References: 1
OSV
added 2025/07/24 11:46 a.m. | 3 views

SUSE-SU-2025:20507-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403 - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404 - CVE-2025-47806: Fixed Stack buffer overflow in SubRip...

CVSS 5.6 | AI score 7.5 | EPSS 0.00428
Exploits: 3 | References: 7
SUSE Linux
added 2025/07/24 11:44 a.m. | 2 views

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403 CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404 CVE-2025-47806: Fixed Stack buffer overflow in SubRip subtit...

CVSS 5.5 | AI score 7.4 | EPSS 0.00428
Exploits: 3 | References: 12
The Hacker News
added 2025/07/24 5:11 a.m. | 17 views

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins aka mu-plugins are special plugins that are automatically activate...

AI score 8.3
Exploits: 0
SUSE Linux
added 2025/07/23 11:18 a.m. | 2 views

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. CVE-2025-47806: Fixed stack buffer overflow in SubRip...

CVSS 5.5 | AI score 7.2 | EPSS 0.00428
Exploits: 3 | References: 12
OSV
added 2025/07/23 11:18 a.m. | 2 views

SUSE-SU-2025:02472-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47806: Fixed stack buffer overflow in SubRi...

CVSS 5.6 | AI score 6.7 | EPSS 0.00428
Exploits: 3 | References: 7
CNNVD
added 2025/07/22 12:00 a.m. | 3 views

DB-GPT Command Injection Vulnerability

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.7.0, which stems from a file upload vulnerability in agent.hub.controller.refreshplugins that could lead to the execution of arbitrary...

CVSS 6.5 | AI score 6.9 | EPSS 0.00349
Exploits: 1 | References: 4
NVD
added 2025/07/19 5:15 a.m. | 4 views

CVE-2025-7696

The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val function. This makes it possible for...

CVSS 9.8 | EPSS 0.01033
Exploits: 0 | References: 4
Cvelist
added 2025/07/19 4:23 a.m. | 9 views

CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function

The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val function. This makes it possible for...

CVSS 9.8 | EPSS 0.01055
Exploits: 0 | References: 4
Cvelist
added 2025/07/19 4:23 a.m. | 8 views

CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function

The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val function. This makes it possible for...

CVSS 9.8 | EPSS 0.01033
Exploits: 0 | References: 4
RedhatCVE
added 2025/07/18 10:59 a.m. | 5 views

CVE-2025-54039

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery. This issue affects Animator: from n/a through = 3.0.16...

CVSS 4.3 | AI score 5.9 | EPSS 0.00128
Exploits: 0 | References: 1
SUSE Linux
added 2025/07/17 11:37 a.m. | 5 views

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244406. CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244405. CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer bsc1234421...

CVSS 7.8 | AI score 9.6 | EPSS 0.00997
Exploits: 2 | References: 12
OSV
added 2025/07/17 11:37 a.m. | 4 views

SUSE-SU-2025:02347-1 Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: - CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244406. - CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244405. - CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer...

CVSS 9.8 | AI score 6.3 | EPSS 0.00997
Exploits: 2 | References: 7