Lucene search
K

34 matches found

CVE
CVE
added 2026/04/14 12:8 a.m.18 views

CVE-2026-39418

CVE-2026-39418 MaxKB is affected in versions ≤ 2.7.1 where the sandbox’s network protection can be bypassed. An authenticated user with tool-editing permissions can reach internal services blocked by the sandbox by using socket.sendto() with the MSG_FASTOPEN flag. MaxKB’s sandbox relies on LD_PRE...

7.4CVSS5.7AI score0.00198EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.6 views

CVE-2026-24973

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through = 3.7.1...

7.1CVSS5.8AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:40 p.m.5 views

CVE-2026-1706

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.12 views

PT-2026-2804

Name of the Vulnerable Software and Affected Versions GuardDog versions prior to 2.7.1 Description GuardDog, a CLI tool for identifying malicious PyPI packages, contains a flaw in its safe extract function. This function does not validate the size of decompressed files when handling ZIP archives,...

7.5CVSS6.5AI score0.00431EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

WordPress plugin Hippoo Mobile App for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 2025/11/05 6:41 p.m.5 views

GO-2025-4085 Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel

Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

9.8CVSS7AI score0.00353EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 7:17 p.m.7 views

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

6.2CVSS6.7AI score0.92094EPSS
Exploits4References1
NVD
NVD
added 2025/09/23 1:15 p.m.11 views

CVE-2025-9846

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1...

10CVSS0.01041EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.13 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7CVSS5.7AI score0.00315EPSS
Exploits1References1
NVD
NVD
added 2025/05/05 6:15 a.m.26 views

CVE-2025-3583

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00274EPSS
Exploits1References1
CVE
CVE
added 2025/04/15 12:0 a.m.53 views

CVE-2024-44843

CVE-2024-44843 affects SteVe v3.7.1. The issue is in the WebSocket handshake process, enabling an attacker to bypass authentication and deliver crafted OCPP requests to execute arbitrary commands. Documented impact includes authentication bypass and potential command execution on the affected ser...

5.9CVSS8AI score0.00403EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/03 3:31 p.m.8 views

CVE-2025-3163 InternLM LMDeploy conf.py open code injection

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...

5.3CVSS7.5AI score0.00338EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/03/11 9:0 p.m.12 views

CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through = 5.1.2...

4.3CVSS7.2AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/02 1:25 p.m.47 views

CVE-2025-22274

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

2CVSS6.3AI score0.00444EPSS
Exploits0References1
CVE
CVE
added 2025/02/28 12:32 p.m.80 views

CVE-2025-22271

CVE-2025-22271 affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The issue allows an attacker to spoof the client’s IP by supplying a value in the X-Forwarded-For header, which degrades accountability of action logging in the application. Other versions are listed as unknown. Pu...

6.9CVSS6.6AI score0.00394EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/14 1:37 p.m.11 views

CVE-2024-56938

LearnDash v6.7.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the materials-content class...

5.4CVSS5.9AI score0.00308EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 1:36 p.m.15 views

CVE-2024-56939

LearnDash v6.7.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the ld-comment-body class...

5.4CVSS5.9AI score0.00308EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.3 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo DesDev. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DesDev DedeCMS 5.71sp...

6.5CVSS6.6AI score0.01112EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/15 7:0 a.m.4 views

WordPress SP Project & Document Manager plugin <= 4.71 - Data Update and File Download via IDOR vulnerability

Data Update and File Download via IDOR vulnerability discovered by fewwords in WordPress Plugin SP Project & Document Manager versions = 4.71...

6.5CVSS7.1AI score0.00434EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 4:19 p.m.13 views

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

6.8AI score0.00818EPSS
Exploits1References1
Rows per page
Query Builder