Lucene search
K

19 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47705

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.648 Description Error messages returned when RaiseError, PrintError, or HandleError are enabled are written to a 200-byte buffer that lacks a length limit. Attackers capable of influencing the error text within an...

9.8CVSS5.7AI score0.00413EPSS
Exploits0References37
ATTACKERKB
ATTACKERKB
added 2026/01/16 4:44 a.m.4 views

CVE-2025-15526

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

5.3CVSS5.4AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2026/01/08 12:15 a.m.4 views

CVE-2019-25278

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...

5.9CVSS5.8AI score0.00303EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.4 views

PT-2026-1675

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is affected by a cross-site scripting issue in the msg parameter of the pluginInstall.php file. This allows attackers to inject malicious scripts...

6.1CVSS6.7AI score0.00278EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.8 views

PT-2025-53329

Name of the Vulnerable Software and Affected Versions FaceSentry version 6.4.8 Description FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

8.8CVSS8.2AI score0.02325EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.6 views

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from susceptibility to cross-site request forgery attacks and could lead to the...

5.1CVSS6.8AI score0.002EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.6 views

PT-2025-53328

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is susceptible to a cross-site request forgery condition. This allows attackers to execute administrative actions without explicit user permission...

5.1CVSS6.5AI score0.002EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/12/13 6:57 a.m.5 views

CVE-2025-12570

The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-image.php files. This makes it possible for...

7.2CVSS5.3AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 6:32 a.m.17 views

CVE-2025-12570

CVE-2025-12570 affects the WordPress plugin Fancy Product Designer up to version 6.4.8 . It enables unauthenticated stored XSS via SVG file uploads due to insufficient input sanitization and output escaping in the files data-to-image.php and pdf-to-image.php . The vulnerability allows attackers t...

7.2CVSS5AI score0.00213EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/12/09 1:16 a.m.4 views

CVE-2022-50648

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...

5.7AI score0.00162EPSS
Exploits0References4
CVE
CVE
added 2025/12/02 6:40 a.m.8 views

CVE-2025-13685

CVE-2025-13685 concerns the WordPress plugin Photo Gallery by Ays (versions up to 6.4.8) with a Cross-Site Request Forgery flaw due to missing nonce verification in the bulk action handler (process_bulk_action). This allows unauthenticated attackers to induce bulk operations (delete/publish/unpub...

4.3CVSS5.1AI score0.00137EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.6 views

LogSign Unified SecOps Platform 操作系统命令注入漏洞

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An operating system command injection vulnerability exists in LogSign Unified SecOps Platform versions prior to 6.4.8...

8.8CVSS9.2AI score0.02973EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.5 views

Logsign Unified SecOps Platform 安全漏洞

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. A security vulnerability exists in Logsign Unified SecOps Platform versions prior to 6.4.8 that stems from the use of...

8.8CVSS9.1AI score0.01072EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.4 views

LogSign Unified SecOps Platform 操作系统命令注入漏洞

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An operating system command injection vulnerability exists in LogSign Unified SecOps Platform versions prior to 6.4.8...

8.8CVSS9.3AI score0.02585EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2024/06/29 5:15 a.m.3 views

CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.9AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/29 12:0 a.m.1 views

WordPress plugin Events Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1CVSS6.1AI score0.0031EPSS
Exploits0References3
OSV
OSV
added 2024/05/14 5:15 p.m.3 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

7.1CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2021/05/04 12:0 a.m.5 views

iWT FaceSentry Access Control System 操作系统命令注入漏洞

iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. iWT FaceSentry Access Control System 6.4.8 suffers from an operating system command injection vulnerability that allows injection of authenticated OS commands using default credentials...

9CVSS8.4AI score0.05242EPSS
Exploits2References3
Rows per page
Query Builder