Lucene search
K

381 matches found

Patchstack
Patchstack
added 2025/12/31 10:24 a.m.10 views

WordPress Arlo theme <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Arlo versions = 6.0.3...

7.1CVSS6.1AI score0.00142EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/30 11:16 a.m.11 views

CVE-2025-69021

Cross-Site Request Forgery CSRF vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through = 6.0.7...

5.4CVSS0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.5 views

CVE-2025-69021 WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through = 6.0.7...

5.4CVSS6.5AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/23 9:29 p.m.4 views

CVE-2025-67873

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

7.8CVSS7.4AI score0.00191EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/18 9:39 a.m.9 views

CVE-2025-14101

Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0...

7.1CVSS7AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 3:18 a.m.4 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

9.2CVSS7.7AI score0.00575EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/25 3:31 p.m.5 views

EUVD-2025-199597

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...

3.7CVSS5.7AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/20 9:30 p.m.7 views

EUVD-2025-198343

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...

8.7CVSS8AI score0.00445EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/13 2:3 p.m.6 views

CVE-2025-62876

A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4...

5.3CVSS7.1AI score0.00129EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2025/11/12 12:0 a.m.5 views

lightdm-kde-greeter -- Privilege Escalation from lightdm Service User to root

SUSE Security Team reports: A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. This issue affects lightdm-kde-greeter before 6.0.4...

5.3CVSS7.2AI score0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 4:32 p.m.11 views

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

5.3CVSS0.00327EPSS
Exploits1References4
OSV
OSV
added 2025/10/23 9:31 p.m.4 views

GHSA-WVV5-5G6X-HP7J MCMS reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting XSS vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

6.1CVSS6AI score0.00184EPSS
Exploits0References5
NVD
NVD
added 2025/10/23 7:15 p.m.7 views

CVE-2025-60837

A reflected cross-site scripting XSS vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

6.1CVSS0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/08 7:20 a.m.6 views

EUVD-2025-32912

Malicious code in v0-components npm...

6.6AI score
Exploits0
CVE
CVE
added 2025/10/07 6:3 p.m.13 views

CVE-2025-3450

CVE-2025-3450 describes an Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime . Affected versions are before 6.3 and before Q4.93, where an unauthenticated, network-based attacker could delete data, leading to denial of service. The issue stems from resource lo...

10CVSS6.5AI score0.0026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.6 views

PT-2025-41144

Name of the Vulnerable Software and Affected Versions B Industrial Automation Automation Runtime versions prior to 6.4 Description An issue exists in B Industrial Automation Automation Runtime that allows for improper neutralization of input during web page generation, potentially leading to...

6.1CVSS6.3AI score0.00251EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/05 12:0 a.m.7 views

Open Asset Import Library Assimp 安全漏洞

Open Asset Import Library Assimp is an official Open Asset Import Library repository from Open Asset Import Library open source. It can load more than 40 3D file formats into a unified and clean data structure. A security vulnerability exists in Open Asset Import Library Assimp version 6.0.2, whi...

7.8CVSS5.5AI score0.00225EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27035

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-24092

Malicious code in bioql PyPI...

5.4CVSS3.9AI score0.00299EPSS
Exploits1References6
Patchstack
Patchstack
added 2025/10/02 9:56 a.m.4 views

WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now JOAN versions = 6.0.4...

6.5CVSS7AI score0.00249EPSS
Exploits0Affected Software1
Rows per page
Query Builder