25 matches found

Positive Technologies
added 3 days ago, 8 views

PT-2026-54640

Name of the Vulnerable Software and Affected Versions Request a Quote versions prior to 2.5.6 Description The Request a Quote plugin for WordPress allows unauthenticated attackers to perform code injection. The issue occurs because the emd delete file function derives a PHP function name from the...

CVSS 7.5, AI score 6.1, EPSS 0.00333
Exploits: 0, References: 8
EUVD
added 4 days ago, 6 views

EUVD-2026-40890

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the...

CVSS 4.3, AI score 5.8, EPSS 0.00293
Exploits: 0, References: 20
CVE
added 4 days ago, 9 views

CVE-2026-12904

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress (versions ≤ 3.7.7) is affected by an Insecure Direct Object Reference. The root cause is a mismatch between the authorization object and the object actually accessed in Optimize_Rest_Controller endpoints (create_...

CVSS 4.3, AI score 5.8, EPSS 0.00293
Exploits: 0, References: 20
NVD
added 2026/06/10 3:16 p.m., 12 views

CVE-2026-45564

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.system(f"dos2unix -q {cfg}"). configver is not run...

CVSS 8.8, EPSS 0.00304
Exploits: 0, References: 1
CVE
added 2026/06/10 2:4 p.m., 18 views

CVE-2026-45564

CVE-2026-45564 affects Roxy-WI web interface for managing HAProxy/Nginx/Apache/Keepalived. In versions up to and including 8.2.6.4, POST /config/versions////save interpolates the URL-path parameter directly into a config-version path that resolves to a shell command: os.system("dos2unix -q {cfg}...

CVSS 8.8, AI score 5.5, EPSS 0.00304
Exploits: 0, References: 1
Circl
added 2026/05/21 4:28 p.m., 8 views

CVE-2026-43496

creationtimestamp | type | source
---|---|---
2026-05-21 16:28:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmetnfmrzt2k...

CVSS 5.5, AI score 5.8, EPSS 0.00118
Exploits: 0, References: 1
RedhatCVE
added 2025/12/12 1:6 a.m., 8 views

CVE-2025-56077

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVSS 8.8, AI score 7.9, EPSS 0.02482
Exploits: 1, References: 1
Vulnrichment
added 2025/11/18 11:24 a.m., 2 views

CVE-2025-41348 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by sending a POST request using the parameters 'val1' and 'cont' in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

CVSS 8.7, AI score 7.7, EPSS 0.00456
Exploits: 0, References: 1
Vulnrichment
added 2025/10/28 2:36 p.m., 4 views

CVE-2025-34306 IPFire < v2.29 Stored XSS via Default IP Search Value

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

CVSS 5.1, AI score 5.6, EPSS 0.00453
Exploits: 0, References: 3
Positive Technologies
added 2025/09/21 12:0 a.m., 7 views

PT-2025-38647

Name of the Vulnerable Software and Affected Versions htmly versions up to 3.1.0 Description A security issue has been identified in htmly. Manipulation of the label argument in an unknown function within the file /htmly/admin/field/post of the Custom Field Handler component can lead to cross-sit...

CVSS 4.8, AI score 2.9, EPSS 0.0028
Exploits: 1, References: 7
Circl
added 2025/09/17 9:35 a.m., 22 views

CVE-2025-9216

creationtimestamp | type | source
---|---|---
2025-09-17 09:35:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyzjtze6bz2c...

CVSS 8.8, AI score 5.8, EPSS 0.00819
Exploits: 1, References: 1
Circl
added 2025/08/21 8:33 p.m., 15 views

CVE-2025-6465

creationtimestamp | type | source
---|---|---
2025-08-21 20:33:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lwwrzswtgs2a...

CVSS 4.3, AI score 4.8, EPSS 0.00698
Exploits: 0, References: 1
Circl
added 2025/08/16 2:38 a.m., 11 views

CVE-2025-8882

creationtimestamp | type | source
---|---|---
2025-08-16 02:38:04+00:00 | seen | https://bsky.app/profile/secqube.com/post/3lwidmomzge2f...

CVSS 8.8, AI score 7.3, EPSS 0.00246
Exploits: 0, References: 1
Circl
added 2025/08/14 7:54 p.m., 18 views

CVE-2025-51986

creationtimestamp | type | source
---|---|---
2025-08-14 19:54:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lwf4mrhfye2t...

CVSS 7.5, AI score 7.3, EPSS 0.00312
Exploits: 0, References: 1
Circl
added 2025/08/14 10:6 a.m., 10 views

CVE-2025-55163

creationtimestamp | type | source
---|---|---
2025-08-14 10:06:59+00:00 | seen | https://bsky.app/profile/bricedutheil.bsky.social/post/3lwe3rkm22s2a
2025-08-18 08:41:02+00:00 | seen | https://poliverso.org/objects/0477a01e-6be44872-756a670ea049def1
2025-08-19 05:22:52+00:00 | seen | ...

CVSS 8.2, AI score 6.3, EPSS 0.00979
Exploits: 1, References: 10
Circl
added 2025/08/12 8:4 a.m., 19 views

CVE-2025-6253

creationtimestamp | type | source
---|---|---
2025-08-12 08:04:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lw6tz6ymgx2c...

CVSS 7.5, AI score 4.8, EPSS 0.00365
Exploits: 0, References: 1
Circl
added 2025/08/08 11:46 p.m., 11 views

CVE-2025-8742

creationtimestamp | type | source
---|---|---
2025-08-08 23:46:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvwgqltzd62s...

CVSS 6.3, AI score 7.3, EPSS 0.00581
Exploits: 1, References: 1
CNNVD
added 2025/06/26 12:0 a.m., 5 views

litemall security vulnerability

litemall is a small shopping mall system for linlinjava individual developers. A security vulnerability exists in litemall version 1.8.0, which stems from improper authorization due to misuse of the parameter adminComment in the file /wx/comment/post...

CVSS 5.3, AI score 4.9, EPSS 0.0032
Exploits: 1, References: 4
CNNVD
added 2025/04/27 12:0 a.m., 4 views

paicoding security vulnerability

paicoding is an open source community system for itwanger individual developers. A security vulnerability exists in paicoding version 1.0.3, which stems from improper authorization due to misuse of the parameter articleId in the file /article/api/post...

CVSS 5.5, AI score 5.4, EPSS 0.00385
Exploits: 1, References: 5
CNNVD
added 2023/01/07 12:0 a.m., 3 views

sternenblog security vulnerability

sternenblog is file-based CGI blogging software. A security vulnerability exists in sternenblog, which stems from an incorrect manipulation of the parameter postpath that can lead to file inclusion...

CVSS 9.8, AI score 6.3, EPSS 0.00822
Exploits: 0, References: 5