Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2025-69114 WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 5:45 a.m.9 views

WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MaxiNet versions = 1.2.10...

5.8AI score0.00435EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/03/13 11:42 a.m.9 views

CVE-2026-32431

The CVE concerns the WordPress plugin Astra Bulk Edit (Brainstorm Force) for Astra Bulk Edit, specifically the astra-bulk-edit component. It describes a DOM-based XSS introduced by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting vulnerability. Affe...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.7 views

CVE-2026-25422

Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...

5.4CVSS5.5AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 10:21 p.m.22 views

CVE-2026-25939

Summary : FUXA is a web-based SCADA/HMI/dashboard. From v1.2.8 to v1.2.10, an authorization bypass allows an unauthenticated, remote attacker to create/modify arbitrary schedulers via the REST endpoint (notably POST/DELETE /api/scheduler), exposing connected ICS/SCADA environments to follow-on ac...

9.3CVSS5.7AI score0.12047EPSS
In wildExploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/09 10:18 p.m.32 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5CVSS0.00977EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.5 views

CVE-2025-68003

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...

6.5CVSS5.4AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.2 views

CVE-2025-68003

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...

6.5CVSS0.00318EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/13 12:0 p.m.5 views

WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Skillate versions = 1.2.10...

6.1AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 4:45 p.m.6 views

WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Select Graphist for Elementor Graphist for Elementor versions = 1.2.10...

5.4CVSS7AI score0.00179EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/24 8:15 p.m.9 views

CVE-2025-57321

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...

9.8CVSS0.00404EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/06/11 11:4 a.m.5 views

WordPress Hara theme <= 1.2.10 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Hara versions = 1.2.10...

8.1CVSS7AI score0.00397EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/04/17 3:47 p.m.46 views

CVE-2025-27324

CVE-2025-27324 : Reflected Cross-Site Scripting in the WordPress plugin “17TRACK for WooCommerce”

7.1CVSS7.1AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2024/06/08 1:15 p.m.4 views

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...

6.1CVSS5.8AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.3 views

PT-2023-28077 · Wpgens · Swifty Bar

Name of the Vulnerable Software and Affected Versions: Swifty Bar, sticky bar by WPGens plugin versions = 1.2.10 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This allows for malicious scripts to be stored on th...

5.9CVSS5.2AI score0.0031EPSS
Exploits0References5
Rows per page
Query Builder