Lucene search
K

24 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46067

Name of the Vulnerable Software and Affected Versions crmeb crmeb java version 1.4 Description An issue exists in the base64 Qrcode Endpoint where the manipulation of the url argument in the RestTemplate.getForEntity function within the file...

7.5CVSS7AI score0.00294EPSS
Exploits0References8
NVD
NVD
added 2026/05/26 2:16 a.m.14 views

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS0.00336EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/08 2:0 a.m.12 views

EUVD-2026-28487

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the publi...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7689

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 3:30 p.m.8 views

EUVD-2026-26252

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24678

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS5.7AI score0.00193EPSS
Exploits0References10
CVE
CVE
added 2026/04/22 7:45 a.m.16 views

CVE-2026-4138

The CVE-2026-4138 entry concerns the DX Unanswered Comments plugin for WordPress (versions up to 1.7). A Cross-Site Request Forgery vulnerability arises from missing nonce validation on the plugin’s settings form (dxuc-unanswered-comments-admin-page.php), enabling unauthenticated attackers to mod...

4.3CVSS5.7AI score0.00193EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.2 views

CVE-2026-4138 DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS5.7AI score0.00193EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.29 views

CVE-2026-4138 DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS0.00193EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

WordPress plugin DX Unanswered Comments 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/21 7:5 p.m.6 views

WordPress DX Unanswered Comments plugin <= 1.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin DX Unanswered Comments versions = 1.7...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/19 5:32 p.m.5 views

CVE-2026-1169 birkir prime cross-site request forgery

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of...

5.3CVSS4.7AI score0.00197EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.10 views

CVE-2024-7657

A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/updaterows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated...

5.4CVSS5.3AI score0.00556EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2024/03/11 5:52 p.m.10 views

The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs...

7.2AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/12/05 11:54 p.m.10 views

The 23andMe Data Breach Keeps Spiraling

23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/07/25 2:18 a.m.4 views

SUSE CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

5.4CVSS6.4AI score0.0033EPSS
Exploits0References3
OSV
OSV
added 2023/07/24 9:15 a.m.2 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

5.4CVSS5.3AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2023/07/24 9:15 a.m.2 views

UBUNTU-CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

5.4CVSS5.3AI score0.0033EPSS
Exploits0References2
RustSec
RustSec
added 2021/12/05 12:0 p.m.22 views

`encoding` is unmaintained

Last release was on 2016-08-28. The issue inquiring as to the status of the crate has gone unanswered by the maintainer. Possible alternatives - encodingrs...

2.2AI score
Exploits0
OSV
OSV
added 2021/09/01 12:0 p.m.10 views

RUSTSEC-2021-0147 `daemonize` is Unmaintained

Last release was over four years ago. The crate contains undocumented unsafe behind safe fns. An issue inquiring as to possible updates has gone unanswered by the maintainer. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives: - daemonize-m...

7.1AI score
Exploits0References3
Rows per page
Query Builder