
7 matches found

Nuclei
added yesterday · 7 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

CVSS 5.3 · AI score 5.8 · EPSS 0.00669
Exploits 0 · References 3

Nuclei
added yesterday · 18 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

CVSS 9.1 · AI score 5.8 · EPSS 0.01834
Exploits 2 · References 3

Nuclei
added 3 days ago · 8 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code. Exploitation requires an incomplete installation wizard. id: CVE-2026-277...

CVSS 9.2 · AI score 6 · EPSS 0.22189
Exploits 0 · References 4

Positive Technologies
added 2026/02/17 12:0 a.m. · 3 views

PT-2026-20247

Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 2.1.0 Description: IBM Concert versions 1.0.0 through 2.1.0 are susceptible to a server-side request forgery (SSRF) condition. A successful exploit could allow an authenticated attacker to dispatch unauthorized...

CVSS 5.4 · AI score 5.5 · EPSS 0.00138
Exploits 0 · References 6

Nuclei
added 2026/02/04 7:0 a.m. · 12 views

Gladinet CentreStack & Triofox - Hardcoded Credentials

Gladinet CentreStack and Triofox 16.12.10420.56791 contain a hardcoded credentials vulnerability caused by use of hardcoded AES cryptoscheme values, letting attackers perform arbitrary local file inclusion without authentication, potentially leading to full system compromise. id: CVE-2025-14611...

CVSS 9.8 · AI score 6.8 · EPSS 0.50949
Exploits 3 · References 2

RedhatCVE
added 2026/01/09 10:8 a.m. · 8 views

CVE-2019-20016

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue...

CVSS 6.5 · AI score 6.7 · EPSS 0.01691
Exploits 1 · References 1

Positive Technologies
added 2024/03/29 12:0 a.m. · 5 views

PT-2024-23358 · Fluentcrm · Fluentcrm

Name of the Vulnerable Software and Affected Versions: Fluent CRM versions through 2.8.44 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means an attacker can inject malicious scripts into the...

CVSS 5.9 · AI score 8.8 · EPSS 0.00356
Exploits 0 · References 6