Lucene search
+L

134 matches found

NVD
NVD
added 2025/11/21 8:15 a.m.15 views

CVE-2025-13134

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

6.1CVSS0.00101EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/14 6:30 p.m.8 views

EUVD-2025-34371

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally...

6.2CVSS8.8AI score0.0055EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 5:16 p.m.11 views

CVE-2025-59250

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS0.00685EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/10/14 2:0 p.m.6 views

Windows Taskbar Live Preview Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack...

4.6CVSS6.2AI score0.00586EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.3 views

PT-2025-42157

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An issue involving uncontrolled resource consumption exists in Windows Remote Procedure Call. This can allow an unauthorized attacker to cause a denial of service over a network...

7.5CVSS8.9AI score0.00992EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25495

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00449EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-27552

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.003EPSS
Exploits1References2
CVE
CVE
added 2025/10/03 12:0 a.m.31 views

CVE-2025-56551

DirectAdmin Evolution Skin (v1.680) is affected. A crafted GET request can cause the page layout to be modified and replace the legitimate login interface with attacker-controlled content. Root cause is unspecified in the documents beyond content manipulation; exploitation status is not detailed....

8.2CVSS6.6AI score0.00339EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.7 views

PT-2025-38063

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based for Android affected versions not specified Description: The software contains a flaw due to insufficient user interface warnings regarding dangerous operations. This allows an unauthorized attacker to perform...

4.7CVSS5.8AI score0.00341EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/08/21 12:0 a.m.3 views

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

7.1AI score0.00294EPSS
Exploits1References2
CVE
CVE
added 2025/08/12 5:9 p.m.47 views

CVE-2025-25006

CVE-2025-25006 affects Microsoft Exchange Server. The connected MSKB/ advisories confirm a spoofing vulnerability arising from improper handling of an additional special element, exploitable over the network with no privileges or user interaction required. Microsoft released fixes: KB5063224 (Exc...

5.3CVSS6.9AI score0.00843EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.7 views

PT-2025-32770 · Microsoft · Edge For Android

Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: A user interface UI misrepresentation of critical information in Microsoft Edge for Android can allow an unauthorized attacker to perform spoofing over a network...

4.3CVSS6.7AI score0.00464EPSS
Exploits0References5
CNVD
CNVD
added 2025/07/23 12:0 a.m.7 views

Microsoft SharePoint Server Spoofing Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A spoofing vulnerability exists in...

6.5CVSS6.7AI score0.99911EPSS
Exploits8References1
OSV
OSV
added 2025/07/20 11:15 p.m.1 views

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.8AI score0.99911EPSS
Exploits8References2
NVD
NVD
added 2025/06/10 5:22 p.m.6 views

CVE-2025-33068

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network...

7.5CVSS0.01488EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/06/10 7:0 a.m.10 views

DHCP Server Service Denial of Service Vulnerability

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network...

7.5CVSS7.1AI score0.01488EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.11 views

CVE-2024-9378

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.4AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:29 a.m.15 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

5.4CVSS6.6AI score0.0044EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.4 views

CVE-2021-20864

Improper access control vulnerability in ELECOM routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior,...

8.8CVSS7.4AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 12:32 p.m.9 views

GHSA-227R-W5J2-6243 InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1CVSS7.1AI score0.01348EPSS
Exploits0References4
Rows per page
Query Builder