Lucene search
K

29 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37592

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-40723

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.9 views

CVE-2026-39574

Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...

9.3CVSS0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

4.7CVSS5.5AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35392

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/02/05 10:21 p.m.5 views

CVE-2026-24809 affecting package ntopng for versions less than 5.2.1-4

CVE-2026-24809 affecting package ntopng for versions less than 5.2.1-4. A patched version of the package is available...

6.9CVSS5.3AI score0.00139EPSS
Exploits0
OSV
OSV
added 2026/01/27 9:15 a.m.9 views

AZL-75470 CVE-2026-24809 affecting package ntopng for versions less than 5.2.1-4

An issue from the component luaGrunerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...

6.9CVSS5.7AI score0.00139EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.14 views

Oracle WebLogic Server (October 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...

7.5CVSS6.3AI score0.02164EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/21 8:3 p.m.6 views

EUVD-2025-35253

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

9.8CVSS6.6AI score0.88312EPSS
Exploits1References1
CVE
CVE
added 2025/10/10 9:52 a.m.16 views

CVE-2025-30001

Apache StreamPark has a vulnerability described as an Incorrect Execution-Assigned Permissions issue that, in versions 2.1.4 up to but not including 2.1.6, can allow authenticated users to trigger remote command execution. PT-security and multiple CVE references converge on this issue, noting tha...

7.3CVSS6.6AI score0.00506EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/04 11:53 a.m.14 views

CVE-2025-9206

The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all version up to, and including, 2.1.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.3AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-32267

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00225EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-26052

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.3 views

WordPress plugin Savyour Affiliate Partner 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

7.1CVSS6.4AI score0.00115EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:15 a.m.9 views

CVE-2024-20992

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Content integration. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter...

4.4CVSS4.6AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.5 views

CVE-2023-27446

Cross-Site Request Forgery CSRF vulnerability in Fluenx DeepL API translation plugin = 2.1.4 versions...

8.8CVSS7AI score0.00312EPSS
Exploits0References1
OSV
OSV
added 2024/05/24 7:15 a.m.4 views

CVE-2024-1332

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author...

5.4CVSS5.9AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2024/05/22 8:15 a.m.3 views

CVE-2023-6487

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.8AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.6 views

PT-2024-22935 · WordPress · Luckywp Table Of Contents

Name of the Vulnerable Software and Affected Versions: LuckyWP Table of Contents plugin for WordPress versions up to, and including, 2.1.4 Description: The issue is related to Stored Cross-Site Scripting via multiple parameters due to insufficient input sanitization and output escaping. This allo...

5.5CVSS6AI score0.00328EPSS
Exploits0References7
OSV
OSV
added 2024/04/16 10:15 p.m.4 views

CVE-2024-21084

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Service Gateway. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...

5.8CVSS7.1AI score0.00437EPSS
Exploits0References1
Rows per page
Query Builder