Lucene search
K

83 matches found

Cvelist
Cvelist
added 2025/05/23 12:44 p.m.23 views

CVE-2025-31636 WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS.This issue affects WP Post Modules for Elementor: from n/a through = 2.5.0...

7.1CVSS0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:32 a.m.7 views

CVE-2024-38720

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0...

6.5CVSS6.8AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:52 p.m.8 views

CVE-2020-8826

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...

7.5CVSS7.2AI score0.01712EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:37 a.m.8 views

CVE-2019-5402

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

10CVSS7AI score0.04296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.11 views

CVE-2025-48264

Cross-Site Request Forgery CSRF vulnerability in artiosmedia Product Code for WooCommerce product-code-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Code for WooCommerce: from n/a through = 1.5.0...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/17 2:54 a.m.4 views

SUSE CVE-2025-47287

Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References32
OSV
OSV
added 2025/05/15 10:15 p.m.2 views

UBUNTU-CVE-2025-47287

Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...

7.5CVSS6.6AI score0.00667EPSS
Exploits0References5
OSV
OSV
added 2025/05/15 9:17 p.m.14 views

CVE-2025-47287 Tornado vulnerable to excessive logging caused by malformed multipart form data

Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References5
OSV
OSV
added 2025/03/06 12:31 a.m.4 views

GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

4.3CVSS6.9AI score0.00727EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.3 views

Logpoint AgentX 安全漏洞

Logpoint AgentX is a component of a Security Information and Event Management SIEM solution from Logpoint Denmark. A security vulnerability exists in Logpoint AgentX versions prior to 1.5.0 that stems from inadequate access control and allows the li-admin user to access sensitive information...

6.9CVSS6.5AI score0.00353EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/11 3:34 p.m.3 views

WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Simple Google Calendar Outlook Events Block Widget versions = 2.5.0...

6.5CVSS6.1AI score0.00193EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/01/17 5:15 p.m.4 views

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...

8.6CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/03 12:0 a.m.5 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, SMS alerts and product image zoom. A security vulnerability exists in PrestaShop Product Catalog CSV, Excel Import prior to version 6.5.0, which stems from a...

9.8CVSS6.6AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.31 views

Grafana Security Vulnerabilities

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...

5.4CVSS9AI score0.01385EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/04 4:45 a.m.2 views

RakRak Document Plus vulnerable to path traversal

Overview RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability CWE-22. Asato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.7AI score0.00874EPSS
Exploits0References5
NCSC
NCSC
added 2023/11/16 12:0 a.m.7 views

Vulnerability fixed in VMware Cloud Director Appliance

VMware has discovered a vulnerability in Cloud Director Appliance. A workaround for this has been published. The vulnerability occurs only when Cloud Director Appliance has received an upgrade to 10.5.0 from a lower version. Newly installed systems running on 10.5.0, or systems running on older...

9.8CVSS6.5AI score0.01345EPSS
Exploits4
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.5 views

PaddlePaddle 资源管理错误漏洞

PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions prior to 2.5.0, which stems from a Use after free vulnerability. An attacker could use this vulnerability to perform unauthorized operations or...

9.8CVSS8.4AI score0.00657EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/07/21 12:0 a.m.7 views

WordPress Plugin Jupiter X Core 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

7.5CVSS7.8AI score0.00987EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.8 views

PT-2023-8732 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50 Description: The issue is related to the lack of authentication for a critical function in SAP AS NetWeaver JAVA, allowing an unauthenticated attacker to attach t...

9.4CVSS9.2AI score0.00624EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.9 views

SUSE CVE-2021-29543

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS5.4AI score0.00189EPSS
Exploits1References3
Rows per page
Query Builder