
34 matches found

CVE
added 6 days ago · 13 views

CVE-2026-52784

CVE-2026-52784 (OpenProject) is a CSRF vulnerability in OpenProject’s web UI. The issue allows CSRF on a user-targeted action via POST to /users/:id with the parameter user[admin], enabling unauthorized state changes without user interaction. Affected software versions are prior to 17.3.3 and 17....

CVSS 8.8 · AI score 5.8 · EPSS 0.00163
Exploits 0 · References 1
Cvelist
added 2026/06/12 8:39 p.m. · 31 views

CVE-2026-44990 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

CVSS 9.3 · EPSS 0.0037
Exploits 0 · References 1
Vulnrichment
added 2026/06/12 2:39 p.m. · 9 views

CVE-2026-47182 Frappe: Broken Access Control on Private Files

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

CVSS 5.3 · AI score 5.2 · EPSS 0.00278
Exploits 0 · References 1
Positive Technologies
added 2026/06/12 12:00 a.m. · 15 views

PT-2026-48894

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVSS 5.3 · AI score 5.2 · EPSS 0.00278
Exploits 0 · References 2
Vulnrichment
added 2026/04/08 2:53 p.m. · 1 view

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

CVSS 8.6 · AI score 6 · EPSS 0.0054
Exploits 1 · References 4
NVD
added 2026/03/11 6:16 p.m. · 4 views

CVE-2026-31857

Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

CVSS 9.3 · EPSS 0.00665
Exploits 0 · References 2
Cvelist
added 2026/03/11 5:30 p.m. · 28 views

CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel

Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

CVSS 9.3 · EPSS 0.00665
Exploits 0 · References 2
Snyk
added 2026/02/12 10:27 p.m. · 3 views

Improper Restriction of Rendered UI Layers or Frames

Overview: Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames in comments. An attacker can cause users to be redirected to a malicious page by injecting CSS that transforms the entire wiki interface into a clickable link area. Remediation: Upgrad...

CVSS 6.3 · AI score 5.5 · EPSS 0.00279
Exploits 0 · References 2
NVD
added 2026/02/12 9:16 p.m. · 5 views

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

CVSS 6.1 · EPSS 0.00279
Exploits 0 · References 2
CVE
added 2025/11/21 12:29 p.m. · 9 views

CVE-2025-66063

WP Google Review Slider plugin (WordPress) is affected by CVE-2025-66063: a Missing Authorization / Broken Access Control vulnerability in versions up to 17.4 due to misconfigured access controls. Red Hat/NVD/Patchstack entries confirm the issue and indicate a patched status for affected releases...

CVSS 5.4 · AI score 6.6 · EPSS 0.00211
Exploits 0 · References 1
Cvelist
added 2025/11/06 3:55 p.m. · 11 views

CVE-2025-62028 WordPress Salient theme < 17.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeNectar Salient salient. This issue affects Salient: from n/a through 17.4.0...

CVSS 4.3 · EPSS 0.00197
Exploits 0 · References 1
RedhatCVE
added 2025/09/12 1:20 p.m. · 5 views

CVE-2025-10226

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...

CVSS 9.8 · AI score 7.6 · EPSS 0.00566
Exploits 0 · References 1
Patchstack
added 2025/01/27 10:36 p.m. · 6 views

WordPress Bit Form – Contact Form plugin <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated (Administrator+) Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Bit Form versions <= 2.17.4...

CVSS 6.5 · AI score 7.1 · EPSS 0.00389
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/10/06 12:00 a.m. · 2 views

WordPress plugin Coming Soon Page, Under Construction Cross-Site Scripting Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Coming Soon Page, Under...

CVSS 5.9 · AI score 6 · EPSS 0.00251
Exploits 0 · References 2
Patchstack
added 2024/09/24 1:35 p.m. · 2 views

WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd versions <= 6.17.4...

CVSS 5.9 · AI score 6.1 · EPSS 0.00251
Exploits 0 · Affected Software 1
CNNVD
added 2024/07/09 12:00 a.m. · 4 views

Microsoft Visual Studio and Microsoft .NET Security Vulnerabilities

Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...

CVSS 8.1 · AI score 6.8 · EPSS 0.02587
Exploits 0 · References 4
Positive Technologies
added 2024/03/07 12:00 a.m. · 3 views

PT-2024-19780 · Apple · Macos Sonoma +4

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4; iOS versions prior to 17.4; iPadOS versions prior to 17.4; watchOS versions prior to 10.4. Description: A privacy issue was addressed with improved handling of temporary files. This issue may allow an app to...

CVSS 6.5 · AI score 7.5 · EPSS 0.00674
Exploits 0 · References 10
Positive Technologies
added 2024/03/07 12:00 a.m. · 3 views

PT-2024-19771 · Apple · Ios +2

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.4; iOS versions prior to 17.4; iPadOS versions prior to 17.4. Description: The issue allows an attacker in a privileged network position to inject keystrokes by spoofing a keyboard. This is achieved through a Bluetooth...

CVSS 5.9 · AI score 8.2 · EPSS 0.00715
Exploits 0 · References 8
Positive Technologies
added 2024/03/07 12:00 a.m. · 4 views

PT-2024-19735 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.4; iPadOS versions prior to 17.4. Description: The issue allows a deleted photo to be re-surfaced without authentication through the shake-to-undo feature. This is due to inadequate checks that have been improved in the...

CVSS 2.4 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 5
OSV
added 2024/03/05 8:16 p.m. · 4 views

CVE-2024-23256

A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled...

CVSS 3.3 · AI score 5.7 · EPSS 0.00258
Exploits 0 · References 3