
49 matches found

EUVD
added 2026/06/26 2:53 p.m. | 3 views

EUVD-2026-39745

Contributor Cross Site Scripting XSS in StatCounter = 2.1.1 versions...

6.5 CVSS | 5.8 AI score | 0.00161 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/28 12:0 a.m. | 13 views

PT-2026-44744

Name of the Vulnerable Software and Affected Versions WP Maps Pro versions prior to 6.1.1 Description The WP Maps Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to create administrator accounts and achieve complete site takeover. The issue stems from a temporary acces...

9.8 CVSS | 6 AI score | 0.09461 EPSS
Exploits 7 | References 51

Positive Technologies
added 2026/05/24 12:0 a.m. | 14 views

PT-2026-42916

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

5.3 CVSS | 5.5 AI score | 0.00325 EPSS
Exploits 0 | References 4

Patchstack
added 2026/05/14 4:19 p.m. | 11 views

NPM: FlowiseAI: Vector Store No Permission Checks

NPM: FlowiseAI: Vector Store No Permission Checks vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8 AI score | 0.00327 EPSS
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 2:52 p.m. | 20 views

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8 AI score | 0.00195 EPSS
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2026/04/08 12:0 a.m. | 8 views

PT-2026-31126

🚨CVE CVE-2026-39487 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL https://t.co/fl64XWhsLE… https://t.co/SLjDDfvUPc ----- Translation: CVE-202… https://t.co/utmtNgl3sv...

7.6 CVSS | 5.9 AI score | 0.00271 EPSS
Exploits 0 | References 4

SUSE CVE
added 2026/02/13 12:24 a.m. | 7 views

SUSE CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

7.5 CVSS | 6.6 AI score | 0.00367 EPSS
Exploits 1 | References 4

NVD
added 2026/02/02 11:16 p.m. | 8 views

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2 CVSS | 0.00244 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/01/09 9:27 a.m. | 9 views

CVE-2023-45108

Cross-Site Request Forgery CSRF vulnerability in Mailrelay plugin = 2.1.1 versions...

8.8 CVSS | 7.1 AI score | 0.0021 EPSS
Exploits 0 | References 1

Atlassian
added 2025/12/02 9:27 p.m. | 14 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...

7.5 CVSS | 6.6 AI score | 0.02656 EPSS
Exploits 1

RedhatCVE
added 2025/10/24 2:33 p.m. | 6 views

CVE-2025-49952

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through = 4.2.5...

6.5 CVSS | 5.9 AI score | 0.00408 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-6582

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00675 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-3845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of...

6.8 CVSS | 5.5 AI score | 0.00607 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 7:22 p.m. | 11 views

CVE-2021-24492

The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...

8.8 CVSS | 7.6 AI score | 0.01599 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/17 9:3 p.m. | 9 views

CVE-2024-12735

The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks...

7.2 CVSS | 7.6 AI score | 0.00479 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2025/05/13 9:16 p.m. | 3 views

CVE-2025-43569

Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 6.3 AI score | 0.00181 EPSS
Exploits 0 | References 2

Cvelist
added 2025/04/24 4:8 p.m. | 18 views

CVE-2025-46480 WordPress Nepali Post Date plugin <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Padam Shankhadev Nepali Post Date nepali-post-date allows Stored XSS. This issue affects Nepali Post Date: from n/a through <= 5.1.1...

6.5 CVSS | 0.00215 EPSS
Exploits 0 | References 1

NVD
added 2025/03/26 3:16 p.m. | 8 views

CVE-2025-26739

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction newseqo allows Stored XSS. This issue affects newseqo: from n/a through 2.1.1...

6.5 CVSS | 0.00334 EPSS
Exploits 0 | References 1

NVD
added 2025/03/11 10:15 p.m. | 22 views

CVE-2025-27101

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

8.6 CVSS | 0.00523 EPSS
Exploits 0 | References 2

NVD
added 2025/02/18 7:15 p.m. | 10 views

CVE-2025-26603

Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the :redir ex command to register, variables and files. It also allows to show the contents of registers using the :registers or :display ex command. When redirecting the output of...

4.2 CVSS | 0.00223 EPSS
Exploits 0 | References 3