Lucene search
K

21 matches found

CVE
CVE
added 2026/05/14 6:35 p.m.20 views

CVE-2026-44589

Nuxt-og-image (nuxt-og-image) contains an SSRF issue tracked as CVE-2026-44589. The isBlockedUrl validator in [email protected] is incomplete: IPv6 prefix handling is limited (only ::1, fc, fd, fe80) and there is no redirect re-validation, enabling bypass paths such as IPv6-mapped addresses and...

3.7CVSS5.8AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:35 p.m.14 views

CVE-2026-44589 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...

3.7CVSS5.8AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 5:28 a.m.8 views

CVE-2026-3311

The CVE-2026-3311 family concerns The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce (WordPress) up to version 6.4.9. All connected sources describe a Stored Cross-Site Scripting vulnerability via the Progress Bar shortcode caused by insufficient...

6.4CVSS6.1AI score0.00207EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 5:28 a.m.22 views

CVE-2026-3311 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...

6.4CVSS0.00207EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/07 11:20 p.m.4 views

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Progress Bar vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in...

6.4CVSS5.9AI score0.00207EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/25 6:31 p.m.9 views

EUVD-2026-15888

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...

5.8AI score0.00332EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.2 views

CVE-2026-32524

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...

5.8AI score0.00332EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28038

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...

5.8AI score0.00332EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.4 views

CVE-2025-66134

Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through = 6.5.1...

5.4CVSS5.9AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2025/10/18 6:42 a.m.22 views

CVE-2025-11510

CVE-2025-11510 : FileBird for WordPress pre-6.4.9 is vulnerable to unauthorized modification of data due to a missing capability check on /filebird/v1/fb-wipe-clear-all-data. This allows authenticated attackers with author-level access and above to reset the plugin’s configuration data. Connected...

4.3CVSS4.7AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:14 a.m.7 views

CVE-2024-23664

A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL...

6.1CVSS6.7AI score0.00347EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.5 views

Siemens SiPass Integrated 输入验证错误漏洞

Siemens SiPass Integrated is a powerful and extremely flexible access control system from Siemens Germany. An input validation error vulnerability exists in the Siemens SiPass Integrated AC5102 ACC-G2 and ACC-AP V6.4.9 and earlier versions, which stems from not properly clearing user inputs on th...

9.3CVSS6.6AI score0.00169EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 9:11 p.m.23 views

CVE-2022-20649

A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...

8.1CVSS8.3AI score0.11636EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.4 views

PT-2025-2585 · Fortinet · Fortivoice

Name of the Vulnerable Software and Affected Versions: Fortinet FortiVoice versions 7.0.0 through 7.0.4 Fortinet FortiVoice versions prior to 6.4.9 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing an authenticated privileged...

6.7CVSS7.5AI score0.00616EPSS
Exploits0References3
OSV
OSV
added 2024/06/03 10:15 a.m.4 views

CVE-2024-23664

A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL...

6.1CVSS5.7AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2023/03/24 8:15 p.m.6 views

CVE-2023-22812

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data...

7.4CVSS7.1AI score0.0031EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.5 views

SUSE CVE-2022-24758

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...

7.5CVSS6.3AI score0.01054EPSS
Exploits0References3
Circl
Circl
added 2022/05/10 8:32 p.m.8 views

CVE-2022-1649

creationtimestamp| type| source ---|---|--- 2022-05-10 20:32:48+00:00| seen| https://t.me/cibsecurity/42267...

7.6CVSS6.5AI score0.00681EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.6 views

Jupyter Notebook 日志信息泄露漏洞

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A log information disclosure vulnerability exists in Jupyter Notebook versions prior to 6.4.9, which stems from an unauthorized participant being able to access sensitive...

7.5CVSS6.7AI score0.01054EPSS
Exploits0References4
CNVD
CNVD
added 2018/06/22 12:0 a.m.7 views

Serve Path Traversal Vulnerability

serve is a static file server that is primarily used for deploying native single-page applications or static files. A path traversal vulnerability exists in serve versions prior to 6.4.9, where the program fails to adequately filter %2e . and %2f / characters in the url. and %2f / characters in t...

6.5CVSS6.3AI score0.0179EPSS
Exploits1References1
Rows per page
Query Builder