Lucene search
+L

52 matches found

redhatcve
redhatcve
added 2026/07/08 7:30 a.m.6 views

CVE-2026-54786

A flaw was found in Wasmtime, a runtime for WebAssembly. Its native implementation of WASIp1, a system interface for WebAssembly, contains a resource leak in the fdrenumber function. A malicious guest program can repeatedly call this function, causing the host system to exhaust its file descripto...

5CVSS5.9AI score0.00217EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-54848

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.10 Wasmtime versions 25.0.0 through 36.0.10 Wasmtime versions 37.0.0 through 44.0.2 Wasmtime versions 45.0.0 through 45.1 Description A resource leak exists in the native implementation of WASIp1 within the fd...

5CVSS5.8AI score0.00217EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/03/28 12:0 a.m.7 views

PT-2026-28715

Name of the Vulnerable Software and Affected Versions Sinaptik AI PandasAI versions up to 3.0.0 Description A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is sql query safe function located in the pandasai/helpers/sql sanitizer.py file, allowing f...

6.9CVSS5.7AI score0.0055EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-18328

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00628EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/08/09 12:0 a.m.9 views

PT-2025-32457 · Unknown · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9 Description: A problematic issue exists in Portabilis i-Educar up to version 2.9, specifically within the Cadastrar Vínculo Page. The issue involves the manipulation of the nome argument in the...

5.4CVSS6.7AI score0.00287EPSS
Exploits1References11
patchstack
patchstack
added 2025/07/15 11:45 a.m.7 views

WordPress Restrict File Access plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Restrict File Access versions = 1.1.2...

8.1CVSS6.8AI score0.00271EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/07/15 11:20 a.m.6 views

CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS7.9AI score0.00271EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/07/15 12:0 a.m.5 views

WordPress plugin Restrict File Access 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.1CVSS6.3AI score0.00271EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/06/16 8:26 a.m.7 views

CVE-2025-6070

The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server...

6.5CVSS6.8AI score0.00628EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/06/14 12:0 a.m.4 views

WordPress plugin Restrict File Access 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

6.5CVSS6.7AI score0.00628EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/06/14 12:0 a.m.6 views

PT-2025-25483 · WordPress · Restrict File Access

Name of the Vulnerable Software and Affected Versions: Restrict File Access plugin for WordPress versions up to, and including, 1.1.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which can conta...

6.5CVSS6.2AI score0.00628EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/02/12 12:0 a.m.7 views

PT-2025-7130 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. This is d...

9.8CVSS7.5AI score0.01073EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/11/10 12:0 a.m.8 views

PT-2024-16725 · Unknown · Amtt Hotel Broadband Operation System

Name of the Vulnerable Software and Affected Versions: AMTT Hotel Broadband Operation System versions up to 3.0.3.151204 Description: A critical issue has been found in the AMTT Hotel Broadband Operation System. It affects an unknown function of the file /manager/frontdesk/online status.php. The...

8.8CVSS6.9AI score0.00526EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2024/11/01 12:0 a.m.7 views

PT-2024-16407 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue affects the delProtocol function of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the id argument leads to SQL injection. The attack may be initiate...

8.8CVSS7.1AI score0.00543EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2024/10/03 12:0 a.m.3 views

PT-2024-32854 · Json Lib +2 · Json-Lib +2

Name of the Vulnerable Software and Affected Versions: JSON-lib versions prior to 3.1.0 Description: The issue is related to the handling of an unbalanced comment string in the util/JSONTokener.java file. This flaw can be exploited due to the mishandling of such strings. Recommendations: For...

6.9CVSS6.5AI score0.17572EPSS
Exploits0References25
ptsecurity
ptsecurity
added 2024/08/13 12:0 a.m.11 views

PT-2024-6010 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution by an attacker. An attacker cou...

9CVSS7.8AI score0.01096EPSS
Exploits0References17
ptsecurity
ptsecurity
added 2024/06/04 12:0 a.m.10 views

PT-2024-27437 · Jan · Jan

Name of the Vulnerable Software and Affected Versions: Jan version 0.4.12 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file to the "/v1/app/appendFileSync" interface. Recommendations: For Jan version 0.4.12, as a temporary workaround, consider disablin...

9.8CVSS7.6AI score0.00989EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2024/05/24 12:0 a.m.6 views

PT-2024-26563 · O2Oa · O2Oa

Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...

5.4CVSS8.2AI score0.00435EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/05/15 12:0 a.m.7 views

PT-2024-26237 · Opentext · Opentext Imanager

Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: The issue is related to a File Upload vulnerability in an unauthenticated session, which could allow an attacker to upload a file without authentication. Recommendations: For OpenText iManager...

9.8CVSS7.1AI score0.0037EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/05/14 12:0 a.m.2 views

PT-2024-3499 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigation...

5.5CVSS5.8AI score0.01767EPSS
Exploits0References8
Rows per page
Query Builder