
19 matches found

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11747

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...

CVSS 8.1 | AI score 5.7 | EPSS 0.00166
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-1214

Malware in sbrugna...

CVSS 7.8 | AI score 7.3 | EPSS 0.29677
Exploits: 0 | References: 17

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2012-3778

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.02468
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-2988

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01644
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/23 10:11 a.m. | 8 views

CVE-2024-1984

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

CVSS 5.3 | AI score 6.9 | EPSS 0.00523
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:56 a.m. | 19 views

CVE-2023-34461

PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...

CVSS 5.4 | AI score 6.7 | EPSS 0.00337
Exploits: 0 | References: 1

OpenVAS
added 2025/03/05 12:0 a.m. | 8 views

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Windows

LibreOffice is prone to an arbitrary script execution vulnerability.

CVSS 7.8 | AI score 8.4 | EPSS 0.00291
Exploits: 0 | References: 1

Patchstack
added 2024/09/30 12:0 a.m. | 17 views

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.12; Fixed in: 2.8.13; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47377; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9418faef5fbf; Credits: SOPROBRO; Required privilege: Editor...

CVSS 5.9 | AI score 6.5 | EPSS 0.00254
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/06/19 5:2 p.m. | 11 views

CVE-2023-34461 Cross-site Scripting (XSS) Availability in PyBB

PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...

CVSS 4.6 | AI score 6.7 | EPSS 0.00337
Exploits: 0 | References: 2

CNVD
added 2021/11/08 12:0 a.m. | 8 views

Barrier Authorization Issues Vulnerability

Barrier is software that mimics the functionality of the Kvm switcher. Barrier suffers from an authorization problem vulnerability that can be exploited by an attacker to enter an active session state using the Barrier component by simply providing a client tag that identifies a valid client...

CVSS 8.2 | AI score 6.6 | EPSS 0.0141
Exploits: 1 | References: 1

OSV
added 2021/02/18 4:15 p.m. | 3 views

UBUNTU-CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | AI score 7.1 | EPSS 0.01487
Exploits: 1 | References: 3

BDU FSTEC
added 2021/02/16 12:0 a.m. | 5 views

The vulnerability of the gst_avi_demux_parse_ncdt function (gst/avi/gstavidemux.c) in the Gstreamer multimedia framework’s gst-plugins-good plugin. This vulnerability allows an attacker to cause a service failure.

The vulnerability of the gst_avi_demux_parse_ncdt function (gst/avi/gstavidemux.c) in the gst-plugins-good plugin for the Gstreamer multimedia framework is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to...

CVSS 7.8 | AI score 7 | EPSS 0.0382
Exploits: 0 | References: 6 | Affected Software: 4

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

AssetMan 2.5-b - SQL Injection using Session Fixation Attack

No description provided by source.

AI score 7.1
Exploits: 0

OSV
added 2012/12/31 11:50 a.m. | 6 views

CVE-2012-5642

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content...

AI score 6.4
Exploits: 0 | References: 10

OSV
added 2012/06/05 10:55 p.m. | 6 views

CVE-2012-1185

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE:...

CVSS 7.8 | AI score 8.6 | EPSS 0.29677
Exploits: 0 | References: 19

seebug.org
added 2008/09/18 12:0 a.m. | 21 views

AssetMan v2.5-b SQL Injection using Session Fixation Attack

No description provided by source.

AI score 7.1
Exploits: 0

Cvelist
added 2002/08/31 4:0 a.m. | 23 views

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

AI score 6.5 | EPSS 0.07157
Exploits: 1 | References: 3

Cvelist
added 2002/06/11 4:0 a.m. | 23 views

CVE-2002-0520

Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag...

AI score 6.6 | EPSS 0.01588
Exploits: 1 | References: 5

exploitpack
added 2001/05/29 12:0 a.m. | 10 views

Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass

Source: https://www.securityfocus.com/bid/2800/info

eSafe Gateway is a security utility used for filtering internet content. It is possible to craft an html file that slips through eSafe Gateway's script filtering...

AI score 0.5
Exploits: 0