Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.11 views

CVE-2026-34033

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 12:31 a.m.16 views

EUVD-2026-30991

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 1:15 p.m.8 views

CVE-2025-66101

Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...

4.3CVSS0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/28 8:47 p.m.2 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

5.8CVSS6.9AI score0.00277EPSS
Exploits0References3
NVD
NVD
added 2025/10/27 2:15 a.m.4 views

CVE-2025-62938

Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through = 2.0.1...

4.3CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 1:34 a.m.22 views

CVE-2025-62938 WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through = 2.0.1...

4.3CVSS0.00271EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/10 11:43 p.m.6 views

WordPress Easy Plugin Stats plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Plugin Stats versions = 2.0.1...

6.4CVSS5.6AI score0.00176EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-21283

Malware in sbrugna...

8.8CVSS8.7AI score0.0068EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/16 4:48 p.m.4 views

CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...

9.6CVSS8.1AI score0.00398EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.3 views

PT-2025-34923 · Epeken · Epeken Kurir

Name of the Vulnerable Software and Affected Versions: epeken Epeken All Kurir versions through 2.0.1 Description: The software contains a DOM-Based Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update to a version later than...

6.5CVSS5.8AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.6 views

PT-2025-34801 · Firecrawl · Firecrawl

Name of the Vulnerable Software and Affected Versions: Firecrawl versions prior to 2.0.1 Description: Firecrawl is a tool that converts websites into LLM-ready markdown or structured data. A server-side request forgery SSRF vulnerability exists in the webhook functionality of Firecrawl...

6.3CVSS7.2AI score0.00255EPSS
Exploits0References10
NVD
NVD
added 2025/04/24 4:15 p.m.10 views

CVE-2025-39379

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Capturly Capturly capturly-optimize-your-website allows PHP Local File Inclusion.This issue affects Capturly: from n/a through = 2.0.1...

7.5CVSS0.0056EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.2 views

WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin all-in-one-box-login versions = 2.0.1...

7.1CVSS6.1AI score0.00342EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.4 views

PT-2024-10085 · Drupal · Download All Files

Name of the Vulnerable Software and Affected Versions: Download All Files versions 0.0.0 through 2.0.1 Description: The issue is related to a Missing Authorization vulnerability in the Download All Files module for the Drupal CMS, which allows for Forceful Browsing. This vulnerability can be...

5.3CVSS7.4AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-29200 · WordPress · Pricing Table

Name of the Vulnerable Software and Affected Versions: Pricing Table plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax function. This allows unauthenticated attackers t...

5.3CVSS6.8AI score0.00205EPSS
Exploits0References6
OSV
OSV
added 2024/06/12 9:15 a.m.2 views

CVE-2023-51680

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1...

6.3CVSS5.8AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.10 views

PT-2024-23446 · Unknown · Lordicon Animated Icons

Name of the Vulnerable Software and Affected Versions: Lordicon Animated Icons versions through 2.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inje...

6.5CVSS9.1AI score0.00348EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.6 views

PT-2024-10354 · Drupal · Node Access Rebuild Progressive

Name of the Vulnerable Software and Affected Versions: Node Access Rebuild Progressive versions 0.0.0 through 2.0.1 Node Access Rebuild Progressive version prior to 2.0.2 can be simplified to the above range, so it is omitted to avoid duplication. Description: The issue is related to improper...

5.3CVSS7.1AI score0.00258EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/11/09 8:15 p.m.4 views

CVE-2023-34033

A vulnerability in craigramsay Ajax Pagination and Infinite Scroll malinky-ajax-pagination.This issue affects Ajax Pagination and Infinite Scroll: from n/a through = 2.0.1...

8.8CVSS8.5AI score0.00312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.10 views

PT-2022-19914 · Jetbrains · Jetbrains Ktor Native

Name of the Vulnerable Software and Affected Versions: JetBrains Ktor Native version 2.0.0 Description: The SHA1 implementation was returning the same value, indicating a potential issue with the hashing function. This issue was resolved in a later version. Recommendations: For version 2.0.0,...

8.7CVSS5AI score0.0083EPSS
Exploits0References6
Rows per page
Query Builder