37 matches found

CVE
added 2026/06/15 8:18 p.m., 10 views

CVE-2026-42658

The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions

CVSS 7.1, AI score 5.1, EPSS 0.00175
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 9 views

PT-2026-49442

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00188
Exploits: 0, References: 2
Vulnrichment
added 2026/06/12 2:27 a.m., 8 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

CVSS 5.9, AI score 6.5, EPSS 0.00155
Exploits: 0, References: 1
Vulnrichment
added 2026/05/14 8:32 p.m., 11 views

CVE-2026-44666 HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shell_exec, where the shell interprets these characters and commands...

CVSS 9.3, AI score 5.8, EPSS 0.00297
Exploits: 0, References: 2
OSV
added 2026/05/06 2:44 p.m., 6 views

BIT-JAVA-MIN-2024-20922

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.5, AI score 6.8, EPSS 0.00303
Exploits: 0, References: 4
Positive Technologies
added 2026/05/06 12:0 a.m., 10 views

PT-2026-37989

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.5, AI score 6.5, EPSS 0.00303
Exploits: 0, References: 5
NVD
added 2026/04/24 8:16 p.m., 8 views

CVE-2026-41429

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...

CVSS 8.8, EPSS 0.00307
Exploits: 1, References: 1
OSV
added 2026/04/24 12:0 p.m., 8 views

RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQL_TIME type. Diesel replicated this type as #[repr(C)] struct, populated all the fields of this struct and then casted this value ...

AI score 5.8
Exploits: 0, References: 3
Vulnrichment
added 2026/04/16 6:44 a.m., 3 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

CVSS 6.4, AI score 5.9, EPSS 0.00218
Exploits: 0, References: 2
CNNVD
added 2026/01/30 12:0 a.m., 5 views

Wing FTP Server: Operating System Command Injection Vulnerability

Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Version 6.3.8 of Wing FTP Server contains a vulnerability related to operating system command injection. This vulnerability stems from the command execution feature in the Lua-based Web console,...

CVSS 8.8, AI score 6, EPSS 0.0104
Exploits: 1, References: 3
CVE
added 2026/01/08 9:17 a.m., 15 views

CVE-2025-67914

CVE-2025-67914 describes a Path Traversal vulnerability in VidMov (VidMov WordPress theme/plugin) by beeteam368. Affected: VidMov versions up to 2.3.8 (reported as n/a through

CVSS 7.7, AI score 6.6, EPSS 0.00289
Exploits: 0, References: 1
Vulnrichment
added 2025/12/03 3:27 a.m., 4 views

CVE-2025-10304 Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the processstatusunlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5, EPSS 0.00189
Exploits: 0, References: 2
Positive Technologies
added 2025/12/03 12:0 a.m., 9 views

PT-2025-48791

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process status unlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate...

CVSS 5.3, AI score 5.4, EPSS 0.00189
Exploits: 0, References: 3
NVD
added 2025/10/27 2:15 a.m., 4 views

CVE-2025-62946

Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Everest Backup: from n/a through = 2.3.8...

CVSS 5.3, EPSS 0.00316
Exploits: 0, References: 1
NVD
added 2025/10/16 7:15 p.m., 3 views

CVE-2025-62415

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

CVSS 6.9, EPSS 0.00255
Exploits: 1, References: 1
Vulnrichment
added 2025/10/16 6:36 p.m., 4 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

CVSS 6.9, AI score 6.5, EPSS 0.00255
Exploits: 1, References: 1
OSV
added 2025/10/16 6:35 p.m., 3 views

CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

CVSS 6.9, AI score 7.1, EPSS 0.00255
Exploits: 1, References: 3
RedhatCVE
added 2025/09/28 6:52 a.m., 10 views

CVE-2025-9896

The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

CVSS 4.3, AI score 5.3, EPSS 0.00124
Exploits: 0, References: 1
Vulnrichment
added 2025/09/22 6:23 p.m., 2 views

CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS. This issue affects Image Editor by Pixo: from n/a through = 2.3.8...

CVSS 6.5, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1
RedhatCVE
added 2025/09/07 2:33 p.m., 3 views

CVE-2025-58801

Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through = 4.3.8...

CVSS 5.4, AI score 5.9, EPSS 0.00127
Exploits: 0, References: 1