Lucene search
+L

768 matches found

OSV
OSV
added 2025/11/25 7:15 p.m.5 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS5.8AI score0.00183EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.8 views

PT-2025-48069

Name of the Vulnerable Software and Affected Versions SIGB PMB version 8.0.1.14 Description The software contains multiple SQL injection flaws in the /opac css/ajax selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation...

6.5CVSS7.6AI score0.00183EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.7 views

SIGB PMB 安全漏洞

SIGB PMB is an open source integrated library management system from SIGB. A security vulnerability exists in SIGB PMB version v8.0.1.14, which stems from improper handling of the parameters id and datas in the component /opaccss/ajaxselector.php, which could lead to a SQL injection attack...

6.5CVSS7.7AI score0.00183EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.16 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

0.00183EPSS
Exploits0References2
CVE
CVE
added 2025/11/25 12:0 a.m.10 views

CVE-2025-61167

SIGB PMB v8.0.1.14 contains multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component, exploitable via the id and datas parameters. Root cause: improper handling of user-supplied input in that endpoint allows SQL commands to be injected, potentially leading to unauthoriz...

6.5CVSS8.1AI score0.00183EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2025/11/20 11:30 a.m.4 views

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...

6.8AI score
Exploits0
Veracode
Veracode
added 2025/11/19 10:5 a.m.6 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.item.selector.web is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the asset author’s First Name, Middle Name, or Last Name fields, which allows an authenticated attacker to inject arbitrary web...

5.4CVSS6AI score0.00205EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.8 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 9:15 a.m.7 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS0.00152EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/18 8:27 a.m.5 views

EUVD-2025-197947

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS4.8AI score0.00152EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.7 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS0.00152EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.2 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS4.9AI score0.00152EPSS
Exploits0References4
CVE
CVE
added 2025/11/18 8:27 a.m.18 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

4.3CVSS4.9AI score0.00152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.11 views

PT-2025-47272

Name of the Vulnerable Software and Affected Versions Coil Web Monetization plugin for WordPress versions prior to 2.0.3 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate nonce validation when handling the coil-get-css-selector...

4.3CVSS6.4AI score0.00152EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2025/11/01 3:30 a.m.9 views

com.liferay:com.liferay.adaptive.media.blogs.item.selector.web (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-62275 via com.liferay:com.liferay.blogs.item.selector.web (=2.0.0)

com.liferay:com.liferay.blogs.item.selector.web MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.blogs.item.selector.web and may be impacted: - com.liferay:com.liferay.adaptive.media.blogs.item.selector.web...

6.9CVSS5.8AI score0.00267EPSS
Exploits0
Snyk
Snyk
added 2025/11/01 3:30 a.m.5 views

Missing Authorization

Overview com.liferay:com.liferay.blogs.item.selector.web is a Liferay Blogs Item Selector Web Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the BlogsItemSelectorViewDisplayContext class, when handling image access. An attacker can...

6.9CVSS6.8AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/31 9:31 p.m.3 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.dynamic.data.mapping.item.selector.web is a Liferay Dynamic Data Mapping Item Selector Web Affected versions of this package are vulnerable to Cross-site Scripting XSS via the select structure page when processing user input in the First Name, Middle Name, or Last...

6.1CVSS5.5AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/10/28 12:15 p.m.5 views

CVE-2025-40030

In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs doesn't specify it explicitly, the generic implementation of the getfunctionname callback from struct pinmuxops -...

0.00207EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-62697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki -...

8.8CVSS6.2AI score0.00324EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/23 9:5 a.m.5 views

Improper Authorization

com.liferay, com.liferay.organizations.item.selector.web is vulnerable to an improper authorization. The vulnerability is due to the organization selector not checking user permissions, which allows an attacker to obtain a list of all organizations...

5.3CVSS6.9AI score0.00244EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder