Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.17 views

PT-2026-47122

Name of the Vulnerable Software and Affected Versions All-In-One Security AIOS – Security and Firewall plugin for WordPress versions prior to 5.4.8 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization in the get rest route function and missing output escaping in t...

7.2CVSS5.7AI score0.00338EPSS
Exploits0References15
Patchstack
Patchstack
added 2026/04/09 11:48 p.m.6 views

WordPress Ultimate FAQ Accordion Plugin plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability

Authenticated Author+ Stored Cross-Site Scripting via FAQ Content vulnerability discovered by WordFence in WordPress Plugin Ultimate FAQ versions = 2.4.7...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:45 p.m.3 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 7:53 p.m.3 views

GHSA-4GGG-H7PH-26QR n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS5.8AI score0.00316EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-25030 WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through 3.47...

9.8CVSS0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 11:8 a.m.3 views

CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

6AI score0.00548EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/25 6:1 a.m.3 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS6.1AI score0.00566EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 6:15 p.m.7 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2CVSS0.10791EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 4:59 p.m.4 views

CVE-2025-57763 Cross-Site Scripting (XSS) Reflected in 'insere_despacho.php' parameter 'sccs'

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting XSS vulnerability in the inseredespacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed...

6.4CVSS5.7AI score0.00216EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.6 views

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the Data.initbase32Encoded: function opens up the potential for exposing server memory and/or crashing the server Denial of Service for applications where untrusted data can end up in said function. Vapor does not currently...

9.1CVSS6.8AI score0.01199EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 8:15 p.m.2 views

CVE-2023-26343

Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...

5.5CVSS6.1AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/24 12:0 a.m.5 views

PT-2022-20946 · 3S Smart Software Solutions · Codesys V2 Plcwinnt +1

Name of the Vulnerable Software and Affected Versions: CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions prior to V2.4.7.57 Description: The issue concerns password protection not being enabled by default. In cases where no password is set at the controller, there is no information or prompt to...

9.8CVSS9.5AI score0.01118EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/10/26 12:0 a.m.9 views

PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit

Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56 Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to b...

7.5CVSS7.2AI score0.02649EPSS
Exploits4References9
CNNVD
CNNVD
added 2021/02/19 12:0 a.m.7 views

Multiple Intel Server System Product Buffer Error Vulnerabilities

Intel Server System is a server array card from Intel Corporation USA. A buffer error vulnerability exists in multiple Intel Server System products. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting...

6.7CVSS7AI score0.00252EPSS
Exploits0References2
CNVD
CNVD
added 2017/07/06 12:0 a.m.3 views

IrfanView .fpx file buffer overflow vulnerability (CNVD-2017-14134)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in version 4.47...

7.8CVSS7.1AI score0.02072EPSS
Exploits0References1
Rows per page
Query Builder