Lucene search
K

484 matches found

CVE
CVE
added 2025/12/16 8:13 a.m.11 views

CVE-2025-68070

CVE-2025-68070 affects VK Google Job Posting Manager plugin for WordPress (

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:13 a.m.31 views

CVE-2025-68070 WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through = 1.2.22...

6.5CVSS0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.4 views

CVE-2025-66439

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

9.8CVSS7.7AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.6 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

9.8CVSS7.7AI score0.00325EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.6 views

WordPress plugin VK Google Job Posting Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.8 views

PT-2025-51454

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through = 1.2.21...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.5 views

EUVD-2025-203391

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.1AI score0.00325EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.4 views

EUVD-2025-203392

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.1AI score0.00325EPSS
Exploits1References3
NVD
NVD
added 2025/12/15 6:15 p.m.6 views

CVE-2025-66439

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

9.8CVSS0.00325EPSS
Exploits1References2
OSV
OSV
added 2025/12/15 12:0 a.m.3 views

CVE-2025-66439

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

9.8CVSS7.6AI score0.00325EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.5 views

ERPNext 安全漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from improper handling of the frompostingdate parameter in the getoutstandingreferencedocuments function, which could lead to an...

9.8CVSS7.7AI score0.00325EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.2 views

CVE-2025-66439

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.3AI score0.00325EPSS
Exploits1References2
CVE
CVE
added 2025/12/15 12:0 a.m.10 views

CVE-2025-66439

ERPNext through 15.89.0 is affected by an SQL Injection in get_outstanding_reference_documents() (erpnext.accounts.doctype.payment_entry.payment_entry.py) where from_posting_date is interpolated directly into the query. This allows an attacker to extract arbitrary data from the database. Connecte...

9.8CVSS7.3AI score0.00325EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.4 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.3AI score0.00325EPSS
Exploits1References2
OSV
OSV
added 2025/12/15 12:0 a.m.3 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

9.8CVSS7.6AI score0.00325EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.22 views

CVE-2025-66439

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

0.00325EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.22 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

0.00325EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.10 views

PT-2025-51261

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description A SQL injection issue exists in Frappe ERPNext. The get outstanding reference documents function within the erpnext/accounts/doctype/payment entry/payment entry.py file is susceptible to...

9.8CVSS7.5AI score0.00325EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.13 views

PT-2025-51260

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An issue exists in Frappe ERPNext that allows an attacker to extract arbitrary data from the database. The get outstanding reference documents function, located at...

9.8CVSS7.2AI score0.00325EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/10 8:36 a.m.5 views

CVE-2025-41747

An XSS vulnerability in pxcvlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...

7.1CVSS6.3AI score0.08549EPSS
Exploits0References1
Rows per page
Query Builder