Lucene search
+L

434 matches found

SUSE CVE
SUSE CVE
added 2025/03/05 2:31 a.m.4 views

SUSE CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

4.3CVSS6.6AI score0.00316EPSS
Exploits0References12
OSV
OSV
added 2025/03/04 2:15 p.m.2 views

CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox 136...

3.9CVSS5.8AI score0.00175EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/03/04 2:15 p.m.5 views

CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

4.3CVSS5.8AI score0.00316EPSS
Exploits0References6
OSV
OSV
added 2025/03/04 2:15 p.m.11 views

UBUNTU-CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

4.3CVSS6.6AI score0.00316EPSS
Exploits0References11
OSV
OSV
added 2025/02/18 5:15 a.m.7 views

CVE-2024-13684

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...

8.1CVSS7.2AI score0.00216EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/02/13 3:13 p.m.19 views

Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network CDN with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access ...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.6 views

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3. By exploiting the vulnerability, an attacker can trick a user into interacting with a malicious URL targeting the backend...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References4
NVD
NVD
added 2024/12/19 8:15 p.m.38 views

CVE-2024-53991

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS0.25431EPSS
Exploits0References1
OSV
OSV
added 2024/11/26 3:21 p.m.11 views

CVE-2024-52337 Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS6.4AI score0.00298EPSS
Exploits0References21
NVD
NVD
added 2024/11/21 11:15 a.m.14 views

CVE-2024-11447

The Community by PeepSo – Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filter’ parameter in all versions up to, and including, 7.0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.0055EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/13 2:33 a.m.27 views

CVE-2024-10684 Kognetiks Chatbot for WordPress <= 2.1.7 - Reflected Cross-Site Scripting

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/29 8:31 a.m.26 views

CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.0036EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/11 6:50 a.m.8 views

CVE-2024-9610 Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting

The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.4AI score0.00344EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.13 views

CentOS 7 : skopeo (RHSA-2020:2681)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2681 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using...

4.3CVSS6.4AI score0.00688EPSS
Exploits0References2
NVD
NVD
added 2024/10/04 5:15 a.m.39 views

CVE-2024-9375

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00299EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/08 1:52 p.m.6 views

Malicious code in colourfulls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...

7AI score
Exploits0References1
OSV
OSV
added 2024/09/08 1:52 p.m.12 views

MAL-2024-12246 Malicious code in colourfulls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...

6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/31 4:29 a.m.16 views

CVE-2024-3886 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxcheckenvatocode function. This makes it possible for...

6.1CVSS6.5AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2024/08/30 3:24 a.m.53 views

CVE-2024-5024

CVE-2024-5024 concerns the MemberPress WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw that can be triggered via the mepr_screenname and mepr_key parameters in pages that trigger user actions. It affects all versions up to and including 1.11.29 (per the initial ...

6.1CVSS6.2AI score0.00328EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.7 views

Kashipara Hotel Management System 安全漏洞

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an attacker to forge a malicious request and trick a victim into clicking on it to perform a...

6.8CVSS6.8AI score0.00173EPSS
Exploits1References3
Rows per page
Query Builder