Lucene search
K

20 matches found

EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-42537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS5.9AI score
Exploits0References10
EUVD
EUVD
added 2026/06/15 8:19 p.m.8 views

EUVD-2026-36887

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 5:55 p.m.31 views

CVE-2026-41237 Froxlor has an incomplete fix for CVE-2026-30932

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS0.00269EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 5:52 p.m.7 views

CVE-2026-41236 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS5.6AI score0.00366EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 3:31 p.m.14 views

GHSA-8WMW-PRW8-2GGM Craftql vulnerable to Server-Side Request Forgery

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

7.5CVSS6.1AI score0.00463EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/03 10:39 p.m.10 views

EUVD-2026-18903

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References3
CVE
CVE
added 2026/04/01 12:30 a.m.26 views

CVE-2025-71281

XenForo before 2.3.7 contains a template method-call restriction bypass. The issue stems from a loose prefix match instead of a strict first-word match for methods accessible via callbacks and variable method calls in templates, potentially allowing unauthorized method invocations. Affected softw...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/19 12:0 a.m.20 views

CVE-2026-30402

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function...

0.00715EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/19 12:0 a.m.2 views

CVE-2026-30402

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function...

6.2AI score0.00715EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.7 views

CVE-2025-70960

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.4AI score0.00235EPSS
Exploits1References1
CVE
CVE
added 2025/12/18 3:15 p.m.10 views

CVE-2025-64723

Summary: Arduino IDE for macOS prior to 2.3.7 had overly permissive security entitlements that could bypass the macOS Hardened Runtime protections, enabling an attacker to inject malicious dynamic libraries into the process and access all TCC permissions granted to the app. Impact (as stated): by...

4.8CVSS6.3AI score0.00106EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 11:7 p.m.6 views

CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 PS2 emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

5.3CVSS6.5AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 6:36 p.m.4 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS6.5AI score0.00255EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.11 views

PT-2024-36184 · Unknown · Yalla Ya! Simple Payment

Name of the Vulnerable Software and Affected Versions: yalla ya! Simple Payment versions 2.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS, where an attacker can...

7.1CVSS6.8AI score0.00418EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/10/16 7:15 a.m.3 views

CVE-2023-7294

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

7.1CVSS5.4AI score0.00327EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.4 views

WordPress plugin Paytium: Mollie payment forms & donations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.4CVSS6.6AI score0.00275EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-7288

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updateprofilepreference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

5.4CVSS5.8AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/04 12:0 a.m.5 views

PT-2024-26963 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets...

6.4CVSS6.1AI score0.00344EPSS
Exploits0References6
OSV
OSV
added 2021/06/25 12:15 p.m.3 views

CVE-2021-35048

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...

9.8CVSS7.3AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/06/11 9:3 a.m.2 views

mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...

7.5CVSS7.4AI score0.04425EPSS
Exploits0References4
Rows per page
Query Builder