Lucene search
K

26 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-59731

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...

8.2CVSS0.00267EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 11:37 a.m.15 views

BIT-PARSE-2026-32886 Parse Server's Cloud function dispatch crashes server via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a...

8.2CVSS6AI score0.00512EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

WordPress plugin wpDiscuz 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.8AI score0.00166EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/24 11:51 a.m.7 views

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.7 - Unauthenticated Email Relay vulnerability

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.7 - Unauthenticated Email Relay vulnerability discovered by jtwings - Puramu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...

5.3CVSS5.3AI score0.00148EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/22 8:24 a.m.5 views

CVE-2026-2385 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...

5.3CVSS5.4AI score0.00148EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/22 8:24 a.m.6 views

CVE-2026-2385

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...

5.3CVSS5.5AI score0.00148EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/22 8:24 a.m.26 views

CVE-2026-2385 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...

5.3CVSS0.00148EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/18 8:47 p.m.9 views

WordPress The Plus Addons for Elementor plugin <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability

Incorrect Authorization to Authenticated Author+ Arbitrary Draft Post Creation via 'posttype' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...

4.3CVSS5.5AI score0.00167EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25162

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/21 4:35 a.m.9 views

CVE-2025-7496

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS6AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/19 3:39 a.m.4 views

CVE-2025-7496 WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS6AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2025/08/19 3:39 a.m.26 views

CVE-2025-7496

CVE-2025-7496 describes a DOM-based Stored XSS vulnerability in the WordPress plugin WPC Smart Compare for WooCommerce, affecting all versions up to 6.4.7. Exploitation requires authenticated access at Contributor level or higher, enabling injection of scripts that run when users load injected pa...

6.4CVSS5.6AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.9 views

WordPress plugin WPC Smart Compare for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2025/01/14 5:15 p.m.5 views

CVE-2024-13181

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010...

9.8CVSS5.8AI score0.32438EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 5:15 p.m.5 views

CVE-2024-13180

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011...

7.5CVSS5.8AI score0.27759EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 5:15 p.m.5 views

CVE-2024-13179

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication...

9.8CVSS5.8AI score0.61812EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/05 1:56 p.m.4 views

WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.7...

6.5CVSS6.1AI score0.00316EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/12 8:15 a.m.5 views

WordPress Events Manager plugin <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via event, location, and eventcategory Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Events Manager versions = 6.4.7.3...

6.4CVSS5.8AI score0.00291EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/10 6:15 p.m.4 views

CVE-2023-37932

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...

6.5CVSS5.9AI score0.00628EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 2:15 p.m.5 views

CVE-2023-34030

Cross-Site Request Forgery CSRF vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7...

8.8CVSS7.3AI score0.00338EPSS
Exploits0References2
Rows per page
Query Builder