Lucene search
K

38 matches found

Cvelist
Cvelist
added 2026/06/18 6:50 a.m.24 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 10:16 p.m.13 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS0.00747EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a security vulnerability. This vulnerability stems from the fact that the FTP account processing program does not enforce a shell whitelist, which may allow arbitrary shell...

9.4CVSS5.4AI score0.00227EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.7 views

CVE-2026-6991

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

6.5CVSS6.3AI score0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 5:51 p.m.5 views

EUVD-2025-50828

OpenEXR Makes Use of Uninitialized Memory...

7.5CVSS7.1AI score0.00339EPSS
Exploits1References7
NVD
NVD
added 2026/02/20 4:22 p.m.4 views

CVE-2025-69307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.16 views

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...

7.1CVSS0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:15 p.m.4 views

CVE-2026-21940

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: User and User Group. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/20 11:37 a.m.8 views

WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Craft versions = 2.3.6...

7.1CVSS5.3AI score0.00222EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:0 a.m.7 views

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

6.5CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.9 views

WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00363EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/26 12:0 a.m.3 views

Fedora 43 : singularity-ce (2025-d3cd3e7cf0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d3cd3e7cf0 advisory. Upgrade to 4.3.6 upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51882

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.368.0 Description A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key EDK that decrypts to different...

6CVSS6.3AI score0.00176EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.4 views

CVE-2025-60202

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

7.5CVSS7.1AI score0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.3 views

EUVD-2025-38113

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

7.5CVSS6.6AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.3 views

CVE-2025-57947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

6.5CVSS5.9AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:24 p.m.9 views

CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

6.5CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/08 10:52 p.m.11 views

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

2.3CVSS0.0118EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:16 a.m.7 views

CVE-2024-30952

A stored cross-site scripting XSS vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team=Setting=action...

6.1CVSS5.6AI score0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 7:1 a.m.5 views

CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.8AI score0.00359EPSS
Exploits0References2
Rows per page
Query Builder