Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49463

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/28 7:55 a.m.8 views

WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...

6.5CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:27 a.m.5 views

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

5.3CVSS5.8AI score0.00318EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/15 8:28 a.m.30 views

CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

4.3CVSS0.00163EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/04/15 3:54 a.m.8 views

WordPress Petje.af plugin <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability

Cross-Site Request Forgery to Account Deletion via 'petjeafdisconnect' AJAX Action vulnerability discovered by theviper17y in WordPress Plugin Petje.af versions = 2.1.8...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/11 12:15 p.m.9 views

CVE-2025-11960

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aryom Software High Technology Systems Inc. KVKNET allows Reflected XSS. This issue affects KVKNET: before 2.1.8...

6.1CVSS0.00164EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-53407

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00815EPSS
Exploits1References1
NVD
NVD
added 2025/09/05 2:15 p.m.2 views

CVE-2025-58790

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPKube Kiwi kiwi-social-share allows Stored XSS.This issue affects Kiwi: from n/a through = 2.1.8...

6.5CVSS0.0019EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 8:58 p.m.57 views

CVE-2025-31819

CVE-2025-31819 is a Cross-Site Scripting (XSS) vulnerability in Nova Blocks by Pixelgrade. The issue affects Nova Blocks versions up to 2.1.8 (and possibly earlier n/a ranges per entry). Root cause is improper neutralization of user-controlled input during web page generation, enabling injection ...

6.5CVSS7.2AI score0.00269EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.4 views

WordPress XTRA Settings plugin <= 2.1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin XTRA Settings versions = 2.1.8...

7.1CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/13 7:43 a.m.3 views

WordPress Kognetiks Chatbot for WordPress plugin <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification vulnerability

Cross-Site Request Forgery to Authenticated Subscriber+ Assistant Modification vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Kognetiks Chatbot for WordPress versions = 2.1.8...

4.3CVSS7AI score0.00243EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.6 views

PT-2024-13034 · Allterco · Shelly Trv

Name of the Vulnerable Software and Affected Versions: Shelly TRV version 2.1.8 Description: The issue allows a local attacker to obtain the Wi-Fi password due to cleartext transmission during the initial setup. Recommendations: For Shelly TRV version 2.1.8, update to a version that addresses the...

5.5CVSS5.5AI score0.00108EPSS
Exploits0References5
CNVD
CNVD
added 2023/12/12 12:0 a.m.5 views

DoraCMS Cross-Site Scripting Vulnerability (CNVD-2023-9750397)

DoraCMS is a software application. Based on Nodejs+eggjs+mongodb to write a content management system . A cross-site scripting XSS vulnerability exists in DoraCMS version v2.1.8. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially crafted HTML or image fi...

5.4CVSS6AI score0.0051EPSS
Exploits1References1
OSV
OSV
added 2020/07/14 2:15 p.m.13 views

CVE-2020-10044

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device...

7.5CVSS7AI score0.00826EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2019/04/26 4:29 p.m.4 views

allianceauth (>=2.1.0 <=2.1.1), beanstalk-dispatch (>=0.0.3 <=0.0.5) +214 more potentially affected by CVE-2019-11358 via django (>=2.0.0 <=2.1.8)

django PYPI version =2.0.0, =2.1.0, =0.0.3, =0.1.0, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =1.1.0, =1.2.1 and more Source cves: CVE-2019-11358 Source advisory: OSV:GHSA-6C3J-C64M-QHGQ...

6.1CVSS6.8AI score0.87218EPSS
Exploits4
CNVD
CNVD
added 2018/08/29 12:0 a.m.3 views

e107 Cross-Site Request Forgery Vulnerability (CNVD-2018-17620)

e107 is an open source, free and PHP and MySQL based Content Management System CMS developed by the e107 team. The system supports a variety of plug-ins and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A cross-site request forgery...

8.8CVSS8.9AI score0.00558EPSS
Exploits1References1
Rows per page
Query Builder