Lucene search
K

16 matches found

Cvelist
Cvelist
added 2026/03/26 9:0 p.m.20 views

CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

4.6CVSS0.00241EPSS
Exploits1References3
NVD
NVD
added 2026/03/24 5:16 a.m.4 views

CVE-2026-3138

The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via wpajaxnopriv...

6.5CVSS0.00273EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/07 9:12 p.m.20 views

CVE-2026-21683 iccDEV has Type Confusion in icStatusCMM::CIccEvalCompare::EvaluateProfile()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in icStatusCMM::CIccEvalCompare::EvaluateProfile. This...

8.8CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/14 1:58 p.m.4 views

EUVD-2025-197609

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...

6CVSS6.3AI score0.00253EPSS
Exploits0References4
OSV
OSV
added 2025/10/20 8:15 p.m.3 views

CVE-2025-8052

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

8.8CVSS5.9AI score0.00326EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.3 views

MRCMS 安全漏洞

MRCMS is a content management system by the individual developers at marker. A security vulnerability exists in MRCMS version 3.1.2, which stems from mishandling of the component /admin/group/save.do, which could lead to a cross-site scripting attack...

4.8CVSS6AI score0.00188EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:46 a.m.6 views

CVE-2024-25428

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

6.5CVSS8.3AI score0.00395EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.9 views

CVE-2024-32449

Cross-Site Request Forgery CSRF vulnerability in MagniGenie RestroPress.This issue affects RestroPress: from n/a through 3.1.2...

5.4CVSS5.1AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 a.m.7 views

CVE-2014-100021

Cross-site scripting XSS vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearchemployeenameempId parameter...

4.3CVSS5.9AI score0.0122EPSS
Exploits1References1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

CVE-2025-32826

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.7CVSS5.8AI score0.00604EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/23 12:22 a.m.15 views

CVE-2025-25768

MRCMS v3.1.2 was discovered to contain a server-side template injection SSTI vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

5.4CVSS8.3AI score0.00326EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/21 12:0 a.m.25 views

CVE-2025-25768

MRCMS v3.1.2 was discovered to contain a server-side template injection SSTI vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

0.00326EPSS
Exploits1References1
NVD
NVD
added 2024/12/13 3:15 p.m.21 views

CVE-2024-54313

Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25...

6.5CVSS0.00725EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/04 12:0 a.m.3 views

CVE-2023-50082

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform...

7.8AI score0.00606EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/07/14 10:15 p.m.2 views

CVE-2022-32417

PbootCMS v3.1.2 was discovered to contain a remote code execution RCE vulnerability via the function parserIfLabel at function.php...

9.8CVSS8AI score0.32731EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2013/01/23 9:37 p.m.3 views

ipa: weakness when initiating join from IPA client can potentially compromise IPA domain

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority CA certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...

7.9CVSS5.8AI score0.00557EPSS
Exploits0References5
Rows per page
Query Builder