Lucene search
K

8 matches found

NVD
NVD
added 2025/10/15 5:16 p.m.8 views

CVE-2025-58133

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...

7.5CVSS0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.5 views

CVE-2024-5284

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.8CVSS5.8AI score0.00241EPSS
Exploits1References1
OSV
OSV
added 2025/01/23 9:15 p.m.6 views

CVE-2025-23011

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

8.7CVSS7.1AI score
Exploits0References3
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.4 views

Grand Vice info Webopac SQL注入漏洞

Grand Vice info Webopac is an online public access catalog from China Xinxueying Info Grand Vice info. It is used for users to use library services through the Internet. A SQL injection vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, whic...

9.8CVSS8.1AI score0.00451EPSS
Exploits0References1
OSV
OSV
added 2024/07/13 6:15 a.m.5 views

CVE-2024-5283

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00368EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/13 12:0 a.m.4 views

WordPress plugin wp-affiliate-platform security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.7CVSS6.7AI score0.00211EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.5 views

PT-2024-27459

Name of the Vulnerable Software and Affected Versions Document Merge Service versions 6.5.1 and prior Description The issue allows for remote code execution via server-side template injection, which can result in full takeover of the affected system when executed as root. This gives an attacker...

7.2CVSS8.9AI score0.01031EPSS
Exploits0References10
OSV
OSV
added 2022/12/09 9:15 p.m.4 views

CVE-2022-44790

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists...

7.5CVSS5.8AI score0.006EPSS
Exploits0References1
Rows per page
Query Builder