Lucene search
+L

6 matches found

Patchstack
Patchstack
added 2026/01/16 7:0 a.m.10 views

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

6.5CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.11 views

WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00363EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.4 views

CVE-2025-57947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

6.5CVSS5.9AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:24 p.m.11 views

CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

6.5CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/08 10:52 p.m.15 views

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

2.3CVSS0.0118EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.4 views

PT-2023-12946 · Totolink · Totolink Outdoor Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLink outdoor CPE CP900 version 6.3c.566 B20171026 Description: A command injection issue exists in the setUpgradeFW function via the filename parameter, allowing attackers to execute arbitrary commands through a crafted request...

9.8CVSS9.9AI score0.02551EPSS
Exploits1References3
Rows per page
Query Builder