
44 matches found

Vulnrichment
added 2026/05/28 3:27 a.m. · 9 views

CVE-2026-2374 Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $_SERVER['PHP_SELF'] superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename($_SERVER['PHP_SELF']) in the...

7.2 CVSS · 6 AI score · 0.00346 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2026/05/18 12:00 a.m. · 16 views

PT-2026-41592

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...

5.8 CVSS · 5.5 AI score · 0.00244 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2026/02/10 9:28 a.m. · 6 views

CVE-2026-24343 Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...

5.5 AI score · 0.00717 EPSS
Exploits: 0 · References: 1

vulnersOsv
added 2026/01/19 9:46 a.m. · 3 views

com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.2 <=1.2.2), com.webank.wedatasphere.dss:dss-apiservice-server (>=1.1.2 <=1.2.2) +166 more potentially affected by CVE-2025-29847 via org.apache.linkis:linkis-common (>=1.3.0 <=1.8.0)

org.apache.linkis:linkis-common MAVEN version =1.3.0, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.2.2 and more. Source cves: CVE-2025-29847. Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035881 https://vulners.com/snyk...

7.5 CVSS · 5.4 AI score · 0.00744 EPSS
Exploits: 0

OSV
added 2026/01/19 9:30 a.m. · 4 views

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description: When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5 CVSS · 5.6 AI score · 0.00744 EPSS
Exploits: 0 · References: 5

CVE
added 2026/01/19 8:37 a.m. · 20 views

CVE-2025-59355

Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...

6.5 CVSS · 5.5 AI score · 0.00403 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2026/01/05 12:00 a.m. · 5 views

PT-2026-1268

Name of the Vulnerable Software and Affected Versions: Brecht Custom Related Posts versions through 1.8.0 Description: A flaw exists in Brecht Custom Related Posts that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Upda...

7.5 CVSS · 6.3 AI score · 0.0025 EPSS
Exploits: 0 · References: 4

OSV
added 2025/12/18 8:15 a.m. · 3 views

CVE-2025-58896

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion. This issue affects Otaku: from n/a through <= 1.8.0...

8.2 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/10/25 5:31 a.m. · 28 views

CVE-2025-10694 User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybeloadonboardingwizard function in all versions up to, and including, 1.8.0. This makes it possibl...

5.3 CVSS · 0.00233 EPSS
Exploits: 0 · References: 2

OSV
added 2025/10/10 11:15 p.m. · 3 views

CVE-2025-9551

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0...

6.5 CVSS · 5.8 AI score · 0.00355 EPSS
Exploits: 0 · References: 1

Patchstack
added 2025/10/07 11:33 a.m. · 4 views

WordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by NumeX in WordPress Plugin Progress Planner versions <= 1.8.0...

8.8 CVSS · 7 AI score · 0.00439 EPSS
Exploits: 0 · Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-24052

Malicious code in bioql PyPI...

5.5 CVSS · 5.7 AI score · 0.00458 EPSS
Exploits: 1 · References: 5

Patchstack
added 2025/09/26 9:59 a.m. · 4 views

WordPress Notely Plugin <= 1.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Notely versions <= 1.8.0...

5.9 CVSS · 6 AI score · 0.0021 EPSS
Exploits: 0 · Affected Software: 1

CVE
added 2025/09/26 8:31 a.m. · 8 views

CVE-2025-60149

CVE-2025-60149 affects Notely (WordPress plugin). Reported as Stored XSS due to Improper Input Neutralization during Web Page Generation. Affected: Notely versions up to 1.8.0. Required access: authenticated (Administrator+). Description and context come from the CVE entry and the Wordfence vulne...

5.9 CVSS · 5.9 AI score · 0.0021 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/27 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-29476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6....

9.8 CVSS · 7.2 AI score · 0.02142 EPSS
Exploits: 0 · References: 2

Patchstack
added 2025/08/23 1:51 p.m. · 6 views

WordPress Otaku theme <= 1.8.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Otaku versions <= 1.8.0...

8.2 CVSS · 7.1 AI score · 0.00445 EPSS
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/08/15 12:00 a.m. · 6 views

PT-2025-33423 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability was identified in linlinjava litemall. The issue affects an unknown functionality within the /admin/config/express file of the Business Logic Handler component. Manipulatio...

5.3 CVSS · 4.4 AI score · 0.00299 EPSS
Exploits: 1 · References: 9

CNNVD
added 2025/07/01 12:00 a.m. · 4 views

Janssen Security Vulnerability

Janssen is an open source user authentication component from the Janssen Project Open Source. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...

8.2 CVSS · 6.3 AI score · 0.00343 EPSS
Exploits: 0 · References: 5

OSV
added 2025/06/30 5:52 p.m. · 3 views

GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification

Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...

8.2 CVSS · 6.8 AI score · 0.00343 EPSS
Exploits: 0 · References: 7

CNNVD
added 2025/01/09 12:00 a.m. · 2 views

Drupal Security Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Diff prior to version 1.8.0, which stems from the inclusion of an authorization error vulnerability...

9.1 CVSS · 6.7 AI score · 0.00341 EPSS
Exploits: 0 · References: 2