Lucene search

27 matches found

ATTACKERKB
added 2026/06/19 6:51 a.m., 9 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6 | EPSS 0.00299
Exploits: 0 | References: 9
EUVD
added 2026/06/19 6:51 a.m., 9 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6 | EPSS 0.00299
Exploits: 0 | References: 8
EUVD
added 2026/06/08 5:00 p.m., 11 views

EUVD-2026-35174

A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

CVSS 6.9 | AI score 5.2 | EPSS 0.00286
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/04 8:21 p.m., 36 views

CVE-2026-5112

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...

CVSS 7.2 | AI score 6 | EPSS 0.00232
Exploits: 0 | References: 1
CNNVD
added 2026/05/02 12:00 a.m., 9 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.2 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 1
NVD
added 2026/02/21 6:17 a.m., 10 views

CVE-2026-2863

A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

CVSS 5.5 | EPSS 0.00369
Exploits: 0 | References: 5
CVE
added 2026/02/21 4:32 a.m., 13 views

CVE-2026-2860

CVE-2026-2860 affects feng_ha_ha/megagao ssm-erp and production_ssm (up to commit 4288d53bd35757b27f2d070057aefb2c07bdd097). The vulnerability targets an unknown function in EmployeeController.java, causing improper authorization. It can be initiated remotely, and the exploit has been publicly di...

CVSS 6.5 | AI score 6.1 | EPSS 0.00252
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/21 12:00 a.m., 11 views

PT-2026-21367

A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal. The attack can be launched...

CVSS 5.5 | AI score 5.5 | EPSS 0.00304
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/21 12:00 a.m., 13 views

PT-2026-21360

A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has...

CVSS 5.5 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 6
OSSF Malicious Packages
added 2025/11/11 10:56 p.m., 7 views

Malicious code in gita-rujak16-sluey (npm)

Source: amazon-inspector 004c034d74b9085d3ad772fd56edcca3fedfbdf9469f9bc0ccd4b82d21ec686c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2010-2762

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.01411
Exploits: 0 | References: 14
Positive Technologies
added 2025/09/19 12:00 a.m., 12 views

PT-2025-38529

Name of the Vulnerable Software and Affected Versions: 07FLYCMS, 07FLY-CMS, and 07FlyCRM versions up to 20250831. Description: A cross-site scripting (XSS) flaw exists due to the manipulation of the Name argument in an unknown part of the /index.php file. This allows for remote execution of scripts. T...

CVSS 5.3 | AI score 4 | EPSS 0.00339
Exploits: 0 | References: 9
CNNVD
added 2024/12/28 12:00 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from incorrect reporting of device product names in the HID:wacom module, resulting in null pointer dereferences...

CVSS 7.8 | AI score 6.5 | EPSS 0.00239
Exploits: 0 | References: 7
NVD
added 2024/11/26 8:15 a.m., 12 views

CVE-2024-33605

Improper processing of some parameters of installedemanuallist.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

CVSS 7.5 | EPSS 0.06226
Exploits: 1 | References: 7
NVD
added 2024/11/26 8:15 a.m., 13 views

CVE-2024-28038

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long a character string to the MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and...

CVSS 9 | EPSS 0.0263
Exploits: 1 | References: 7
Vulnrichment
added 2024/11/26 7:38 a.m., 19 views

CVE-2024-36251

The web interface of the affected devices processes some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and a device crash happens. As for the details of affected product names, model numbers, and...

CVSS 7.5 | AI score 7 | EPSS 0.03521
Exploits: 1 | References: 6
Cvelist
added 2024/11/26 7:38 a.m., 30 views

CVE-2024-36249

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names,...

CVSS 7.4 | EPSS 0.00527
Exploits: 0 | References: 5
Cvelist
added 2024/11/26 7:37 a.m., 25 views

CVE-2024-28955

Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information...

CVSS 5.9 | EPSS 0.01341
Exploits: 2 | References: 6
CVE
added 2024/11/26 7:37 a.m., 75 views

CVE-2024-28955

CVE-2024-28955 affects Sharp/Toshiba TEC MFPs. The issue arises from incorrect permission assignment, causing crash coredump files to be world-readable; any local user can inspect memory contents. Public details cover affected models/versions through vendor notices and related advisories. Remedia...

CVSS 5.9 | AI score 6.7 | EPSS 0.01341
Exploits: 2 | References: 7
Vulnrichment
added 2024/03/18 8:03 a.m., 13 views

CVE-2024-22475

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, mod...

AI score 6.9 | EPSS 0.00282
Exploits: 0 | References: 6