Lucene search
K

4663 matches found

Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.5 views

PT-2025-16057 · Yworks · Myworks Woocommerce Sync For Quickbooks Online

Name of the Vulnerable Software and Affected Versions: MyWorks MyWorks WooCommerce Sync for QuickBooks Online versions 2.9.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This...

7.1CVSS7.1AI score0.00374EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.3 views

WordPress plugin MyWorks WooCommerce Sync for QuickBooks Online 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7AI score0.00374EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.10 views

WordPress plugin Sync Posts 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

9.9CVSS8.7AI score0.00634EPSS
Exploits1References3
Patchstack
Patchstack
added 2025/04/08 5:52 p.m.6 views

WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by theviper17 in WordPress Plugin Bulk Product Sync versions = 8.6...

9.3CVSS9AI score0.0058EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/08 2:2 p.m.4 views

Malicious code in typesense-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/04/08 2:2 p.m.10 views

MAL-2025-3174 Malicious code in typesense-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/04/07 9:12 p.m.2 views

GHSA-RR8G-9FPQ-6WMG Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

6.9CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/07 9:12 p.m.11 views

Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

6.8AI score
Exploits0References4Affected Software1
RustSec
RustSec
added 2025/04/07 12:0 p.m.11 views

Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

6.8AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/03 3:47 p.m.9 views

CVE-2025-31852

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

4.3CVSS7.2AI score0.00153EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/04/03 11:15 a.m.1 views

Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059170 fixes several issues. The following security issues were fixed: CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table bsc1233023. CVE-2024-41062: Sync sock recv cb and release bsc1228578. CVE-2022-48791: Fix use-after-fr...

7.8CVSS8AI score0.00248EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/03 5:36 a.m.5 views

Malicious code in fastly-ip-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/03 5:36 a.m.4 views

MAL-2025-3098 Malicious code in fastly-ip-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Fedora
Fedora
added 2025/04/03 1:52 a.m.23 views

[SECURITY] Fedora 40 Update: nextcloud-31.0.2-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

6.1CVSS7.3AI score0.00559EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2025/04/02 3:3 p.m.0 views

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table bsc1233023. CVE-2024-41062: Sync sock recv cb and release bsc1228578. CVE-2022-48791: Fix use-after-fr...

7.8CVSS8AI score0.00248EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2025/04/02 8:57 a.m.9 views

SUSE CVE-2025-21894

In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMPTXONESTEPSYNC Actually ENETC VFs do not support HWTSTAMPTXONESTEPSYNC because only ENETC PF can access PMaSINGLESTEP registers. And there will be a crash if VFs are used to test one-step...

5.5CVSS7.6AI score0.00176EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2025/04/02 8:57 a.m.2 views

SUSE CVE-2025-21902

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a -pollcci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents...

5.5CVSS7.8AI score0.00177EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/01 8:58 p.m.17 views

CVE-2025-31619 WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear products sync: from n/a through = 2.3.3...

8.5CVSS0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 8:58 p.m.4 views

CVE-2025-31619 WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear products sync: from n/a through = 2.3.3...

8.5CVSS7.3AI score0.00395EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 4:15 p.m.1 views

DEBIAN-CVE-2025-21902

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a -pollcci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents...

5.5CVSS5.7AI score0.00177EPSS
Exploits0References1
Rows per page
Query Builder