2838 matches found

RedhatCVE
added 2025/06/29 2:26 p.m. · 5 views

CVE-2025-53270

Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through <= 1.7.0...

CVSS 4.3 · AI score 5.9 · EPSS 0.00132
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/29 12:6 p.m. · 4 views

CVE-2025-39474

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection. This issue affects Amely: from n/a through <= 3.1.4...

CVSS 9.8 · AI score 5.9 · EPSS 0.00374
Exploits: 0 · References: 1

Tenable Nessus
added 2025/06/28 12:0 a.m. · 3 views

SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2025:02149-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02149-1 advisory. - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add...

CVSS 7.1 · AI score 7.3 · EPSS 0.00281
Exploits: 0 · References: 6

OSV
added 2025/06/27 9:43 p.m. · 18 views

CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 · AI score 7.6 · EPSS 0.00571
Exploits: 0 · References: 4

NVD
added 2025/06/27 2:15 p.m. · 7 views

CVE-2025-53268

Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through <= 1.5.12...

CVSS 4.3 · EPSS 0.00132
Exploits: 0 · References: 1

NVD
added 2025/06/27 12:15 p.m. · 3 views

CVE-2025-39474

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection. This issue affects Amely: from n/a through <= 3.1.4...

CVSS 9.8 · EPSS 0.00374
Exploits: 0 · References: 1

Cvelist
added 2025/06/27 11:52 a.m. · 9 views

CVE-2025-52778 WordPress xili-dictionary plugin <= 2.12.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through <= 2.12.5.2...

CVSS 7.1 · EPSS 0.0018
Exploits: 0 · References: 1

Patchstack
added 2025/06/26 1:44 a.m. · 8 views

WordPress Ultra Addons for Contact Form 7 plugin 3.5.11-3.5.19 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Sy5temFr4cture in WordPress Plugin Ultimate Addons for Contact Form 7 versions 3.5.11-3.5.19...

CVSS 7.2 · AI score 5.5 · EPSS 0.00257
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/06/25 12:0 a.m. · 4 views

PT-2025-26881 · Codeastro · Codeastro Patient Record Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Patient Record Management System version 1.0 Description: A problematic issue was found, leading to cross-site request forgery. The manipulation can be launched remotely. Recommendations: For CodeAstro Patient Record Management Syst...

CVSS 5.3 · AI score 4.4 · EPSS 0.00242
Exploits: 1 · References: 8

Positive Technologies
added 2025/06/25 12:0 a.m. · 4 views

PT-2025-28079 · Belkin · Belkin F9K1122

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart in the webs component. The manipulation of the pinCode argument leads to a stack-based buffer overflow. Th...

CVSS 9 · AI score 8.6 · EPSS 0.01075
Exploits: 1 · References: 13

OSV
added 2025/06/24 3:15 p.m. · 4 views

BIT-GITLAB-2025-5121 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...

CVSS 9.9 · AI score 6.7 · EPSS 0.06533
Exploits: 0 · References: 3

OSV
added 2025/06/23 10:15 a.m. · 4 views

CVE-2025-52937

Vulnerability in PointCloudLibrary PCL surface/src/3rdparty/opennurbs modules. This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib WITHSYSTEMZLIB=FALSE...

CVSS 2 · AI score 7
Exploits: 0 · References: 2

RedhatCVE
added 2025/06/23 8:39 a.m. · 5 views

CVE-2025-52795

Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6...

CVSS 7.1 · AI score 5.9 · EPSS 0.00132
Exploits: 0 · References: 1

NVD
added 2025/06/20 3:15 p.m. · 9 views

CVE-2025-50027

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS. This issue affects Login/Signup Popup: from n/a through <= 2.9.4...

CVSS 5.9 · EPSS 0.00218
Exploits: 0 · References: 1

NVD
added 2025/06/20 3:15 p.m. · 4 views

CVE-2025-49984

Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through <= 11.13.11...

CVSS 4.9 · EPSS 0.00169
Exploits: 0 · References: 1

NVD
added 2025/06/20 3:15 p.m. · 10 views

CVE-2025-49968

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through <= 2.0...

CVSS 4.3 · EPSS 0.00132
Exploits: 0 · References: 1

CVE
added 2025/06/20 3:4 p.m. · 18 views

CVE-2025-49967

CVE-2025-49967 is a CSRF vulnerability in the WordPress plugin Live Sports Streamthunder (affected versions n/a through 2.1). The issue enables cross-site request forgery, allowing unauthorized actions on behalf of a logged-in user. Public sources in the connected documents identify the affected ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00132
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/20 3:4 p.m. · 2 views

CVE-2025-49984 WordPress PowerPress Podcasting plugin <= 11.12.11 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.11...

CVSS 4.9 · AI score 5.2 · EPSS 0.00169
Exploits: 0 · References: 1

CVE
added 2025/06/20 3:3 p.m. · 22 views

CVE-2025-52789

CVE-2025-52789 concerns the Lewe ChordPress WordPress plugin (versions <= 3.9.7). The vulnerability is described as a CSRF that enables Stored XSS, with CVSS v3.1 base score 7.1 (High). Public sources in the connected docs indicate an available patch: upgrading to Lewe ChordPress 4.0.1 or late...

CVSS 7.1 · AI score 5.9 · EPSS 0.00113
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/20 12:0 a.m. · 6 views

PT-2025-26330 · Brplot · Brplot

Name of the Vulnerable Software and Affected Versions: brplot version 420.69.1 Description: The issue is related to a Null Pointer Dereference (NPD) in the br dagens handle once function of the data processing module, leading to unpredictable program behavior, causing segmentation faults, and progr...

CVSS 7.5 · AI score 6.3 · EPSS 0.00434
Exploits: 1 · References: 5