Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 1:56 p.m.7 views

CVE-2026-54133 jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.6AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:5 p.m.19 views

CVE-2026-25460

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

6.3CVSS5.8AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 9:31 a.m.6 views

CVE-2026-0677

CVE-2026-0677 concerns the WordPress plugin TotalContest Lite (

6.3CVSS5.9AI score0.00233EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions = 2.9.1...

7.2CVSS5.9AI score0.00531EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/02/07 10:15 a.m.10 views

CVE-2025-25096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a through = 2.9.1...

6.5CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/07 10:11 a.m.16 views

CVE-2025-25096 WordPress RSS in Page plugin <= 2.9.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a through = 2.9.1...

6.5CVSS0.00266EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/03 10:16 p.m.5 views

WordPress TI WooCommerce Wishlist plugin <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access vulnerability

Missing Authorization to Unauthenticated Plugin Setup Wizard Access vulnerability discovered by abrahack in WordPress Plugin TI WooCommerce Wishlist versions = 2.9.1...

7.5CVSS7AI score0.00371EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/26 11:4 a.m.5 views

OESA-2022-2119 apache-sshd security update

Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side. Security Fixes: Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The...

9.8CVSS8.8AI score0.03571EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/12/15 12:0 a.m.4 views

PT-2021-23429 · Crocoblock · Crocoblock Jetengine

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions prior to 2.9.1 Description: The issue arises from improper validation and sanitization of form data. Recommendations: For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue...

9.8CVSS9.4AI score0.01052EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/11/20 1:38 a.m.38 views

user/group information can be corrupted across storing in fsimage and reading back from fsimage

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...

7.5CVSS0.9AI score0.06554EPSS
Exploits0References13Affected Software1
Rows per page
Query Builder