
3869 matches found

NVD
added 2025/12/12 4:15 a.m. | 3 views

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

CVSS 6.8 | EPSS 0.00687
Exploits: 0 | References: 8
Vulnrichment
added 2025/12/12 3:20 a.m. | 3 views

CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 4.7 | EPSS 0.00195
Exploits: 0 | References: 5
Cvelist
added 2025/12/12 3:20 a.m. | 30 views

CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | EPSS 0.00195
Exploits: 0 | References: 5
CVE
added 2025/12/12 3:20 a.m. | 9 views

CVE-2025-13971

CVE-2025-13971 affects the TWW Protein Calculator WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Header setting in all versions up to and including 1.0.24, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admini...

CVSS 4.4 | AI score 4.7 | EPSS 0.00195
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50838

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 5 | EPSS 0.00195
Exploits: 0 | References: 6
Patchstack
added 2025/12/11 10:50 p.m. | 7 views

WordPress TWW Protein Calculator plugin <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Header' Setting vulnerability discovered by ChamlaVic in WordPress Plugin TWW Protein Calculator versions <= 1.0.24...

CVSS 4.4 | AI score 5.5 | EPSS 0.00195
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/12/11 10:15 p.m. | 3 views

CVE-2024-58286

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...

CVSS 9.3 | AI score 6.4
Exploits: 0 | References: 3
NVD
added 2025/12/11 12:16 p.m. | 5 views

CVE-2025-64995

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

CVSS 6.7 | EPSS 0.00139
Exploits: 0 | References: 1
OSV
added 2025/12/11 12:16 p.m. | 3 views

CVE-2025-64995

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

CVSS 6.7 | AI score 6.2 | EPSS 0.00139
Exploits: 0 | References: 1
Cvelist
added 2025/12/11 11:29 a.m. | 21 views

CVE-2025-64995 Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

CVSS 6.5 | EPSS 0.00139
Exploits: 0 | References: 1
CVE
added 2025/12/11 11:29 a.m. | 17 views

CVE-2025-64995

CVE-2025-64995 affects TeamViewer DEX (formerly 1E DEX). The vulnerability is a privilege-escalation in the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to version 3.4, caused by improper protection of the execution path on the local device. This issue could allow an at...

CVSS 6.7 | AI score 7.6 | EPSS 0.00139
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/12/11 11:29 a.m. | 3 views

CVE-2025-64995 Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

CVSS 6.5 | AI score 7.6 | EPSS 0.00139
Exploits: 0 | References: 1
EUVD
added 2025/12/11 11:29 a.m. | 3 views

EUVD-2025-202669

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

CVSS 6.5 | AI score 7.4 | EPSS 0.00139
Exploits: 0 | References: 2
AlpineLinux
added 2025/12/11 11:29 a.m. | 4 views

CVE-2025-64995

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

CVSS 6.7 | AI score 8 | EPSS 0.00139
Exploits: 0 | References: 1
SUSE CVE
added 2025/12/10 12:35 a.m. | 9 views

SUSE CVE-2023-53830

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings. When retrieving an item string with tlmi_setting, the result has to be freed using kfree. In current_value_show however, malformed item strings are not freed,...

CVSS 5.5 | AI score 6.4 | EPSS 0.002
Exploits: 0 | References: 7
EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2023-60166

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings. When retrieving an item string with tlmi_setting, the result has to be freed using kfree. In current_value_show however, malformed item strings are not freed,...

AI score 5.9 | EPSS 0.002
Exploits: 0 | References: 5
RedhatCVE
added 2025/12/09 5:27 p.m. | 5 views

CVE-2025-48612

In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVSS 7.8 | AI score 5.9 | EPSS 0.00095
Exploits: 0 | References: 1
NVD
added 2025/12/09 4:17 p.m. | 4 views

CVE-2023-53830

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings. When retrieving an item string with tlmi_setting, the result has to be freed using kfree. In current_value_show however, malformed item strings are not freed,...

EPSS 0.002
Exploits: 0 | References: 4
CVE
added 2025/12/09 1:29 a.m. | 15 views

CVE-2023-53830

The CVE-2023-53830 issue affects the Linux kernel in the x86 Think-LMI support (platform/x86/think-lmi). When retrieving a tlmi_setting item string, the result must be freed with kfree(); however, current_value_show() can leak memory because malformed item strings aren’t freed due to an early ret...

AI score 6 | EPSS 0.002
Exploits: 0 | References: 4
Debian CVE
added 2025/12/09 1:29 a.m. | 6 views

CVE-2023-53830

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings. When retrieving an item string with tlmi_setting, the result has to be freed using kfree. In current_value_show however, malformed item strings are not freed,...

AI score 5.1 | EPSS 0.002
Exploits: 0