Lucene search

15 matches found

EUVD
added 2025/10/03 8:7 p.m. | 17 views

EUVD-2024-48341

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00439
Exploits: 0 | References: 3

RedhatCVE
added 2025/06/01 5:35 a.m. | 7 views

CVE-2025-4659

The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...

CVSS 5.3 | AI score 6.6 | EPSS 0.00273
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:35 a.m. | 5 views

CVE-2024-13623

The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads...

CVSS 5.9 | AI score 5.6 | EPSS 0.00451
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:34 a.m. | 6 views

CVE-2024-13457

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVSS 5.3 | AI score 6.7 | EPSS 0.00311
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:58 a.m. | 6 views

CVE-2022-29855

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 5.1.0.8016 and earlier, and 6.0 6.0.0.368 through 6.1 HF4 6.1.0.165, could allow an unauthenticated...

CVSS 7.2 | AI score 7.1 | EPSS 0.00738
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/09 9:43 a.m. | 9 views

CVE-2025-4104

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedwpajaxfedloginformpost function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate...

CVSS 9.8 | AI score 6.9 | EPSS 0.0048
Exploits: 0 | References: 1

NVD
added 2025/05/01 12:15 p.m. | 18 views

CVE-2025-3874

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and...

CVSS 6.5 | EPSS 0.00326
Exploits: 0 | References: 9

NVD
added 2025/04/10 7:15 a.m. | 11 views

CVE-2025-2805

The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 7.3 | EPSS 0.0042
Exploits: 0 | References: 3

Veracode
added 2025/04/02 11:55 p.m. | 12 views

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper access control, allowing an unauthenticated attacker with access to the pod network to execute arbitrary code in the context of the ingress-nginx controller...

CVSS 9.8 | AI score 8.3 | EPSS 0.99098
Exploits: 20 | References: 11 | Affected Software: 1

CVE
added 2025/03/12 5:22 a.m. | 47 views

CVE-2024-13498

CVE-2024-13498 involves the WordPress plugin NEX-Forms – Ultimate Form Builder, where unauthenticated attackers can exfiltrate sensitive data via file uploads in all versions up to 8.8.1 due to insufficient directory listing protection and non-randomized file names. The issue is confirmed in conn...

CVSS 5.3 | AI score 5.2 | EPSS 0.00357
Exploits: 0 | References: 2

RedhatCVE
added 2025/03/03 8:20 a.m. | 7 views

CVE-2024-13806

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 6.5 | AI score 7.5 | EPSS 0.00344
Exploits: 0 | References: 1

CVE
added 2025/03/01 7:24 a.m. | 52 views

CVE-2024-13806

CVE-2024-13806 – The Authors List plugin for WordPress (versions

CVSS 6.5 | AI score 7.7 | EPSS 0.00344
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/05 7:57 a.m. | 4 views

CVE-2024-29836

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site...

CVSS 9.8 | AI score 7.3 | EPSS 0.00583
Exploits: 0 | References: 1

Amazon
added 2024/07/22 12:0 a.m. | 11 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

CVSS 7.4 | AI score 7 | EPSS 0.01257
Exploits: 0

OSV
added 2019/01/24 3:29 p.m. | 5 views

CVE-2019-1645

A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected...

CVSS 4.3 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 2