Lucene search

128 matches found

CNNVD
added 2026/01/17 12:0 a.m., 7 views

WordPress plugin Spin Wheel has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 5.3, AI score 5.7, EPSS 0.00312
Exploits: 0, References: 5
RedhatCVE
added 2026/01/09 12:36 p.m., 11 views

CVE-2023-49279

Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...

CVSS 5.4, AI score 6.8, EPSS 0.00387
Exploits: 0, References: 1
EUVD
added 2025/11/25 6:32 p.m., 7 views

EUVD-2025-199618

The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

AI score 6.5, EPSS 0.00255
Exploits: 0, References: 4
NVD
added 2025/11/18 4:15 p.m., 5 views

CVE-2025-63800

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the password and repeatpassword parameters empty in the password change request, the...

CVSS 7.5, EPSS 0.00408
Exploits: 1, References: 3
VulnCheck KEV
added 2025/11/10 12:0 a.m., 3 views

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

CVSS 9.8, AI score 6, EPSS 0.03054
In wild, Exploits: 2, References: 80
OSV
added 2025/11/05 9:15 p.m., 5 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

CVSS 6.5, AI score 5.9, EPSS 0.0036
Exploits: 1, References: 2
Cvelist
added 2025/11/05 12:0 a.m., 8 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

EPSS 0.0036
Exploits: 1, References: 2
NVD
added 2025/11/04 5:16 a.m., 13 views

CVE-2025-11890

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payment's status through server-side validation through the /wc-api/bp-payeer-gateway-callback...

CVSS 7.5, EPSS 0.00273
Exploits: 0, References: 2
CVE
added 2025/10/09 12:0 a.m., 47 views

CVE-2025-60375

CVE-2025-60375 affects Perfex CRM versions prior to 3.3.1. The issue is an authentication bypass caused by insufficient server-side validation of login parameters, allowing an attacker to gain unauthorized access (including admin accounts) by submitting empty username and password values. Exploit...

CVSS 7.3, AI score 6.9, EPSS 0.00266
Exploits: 1, References: 1
Vulnrichment
added 2025/10/09 12:0 a.m., 4 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

AI score 6.9, EPSS 0.00266
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-17397

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01411
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-7137

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.0089
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-17279

Malware in sbrugna...

CVSS 7.5, AI score 6.6, EPSS 0.01772
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-2947

Malware in sbrugna...

CVSS 5.8, AI score 6.4, EPSS 0.01021
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-5505

Malware in sbrugna...

CVSS 5.4, AI score 6.4, EPSS 0.00271
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-7591

Malware in sbrugna...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-22426

Malicious code in bioql PyPI...

CVSS 4.3, AI score 5.1, EPSS 0.00425
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-8804

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.6, EPSS 0.00216
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-13046

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.3, EPSS 0.00274
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-38231

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.00208
Exploits: 0, References: 1