Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52071

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-12438

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00811EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-58214

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00452EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-12340

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00919EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/29 11:49 a.m.8 views

CVE-2025-5117

The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the propertypackageuserrole metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their...

8.8CVSS6.5AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.7 views

CVE-2024-5627

The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00312EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.12 views

CVE-2022-4627

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.6 views

CVE-2022-4458

The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4CVSS5.9AI score0.00477EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.6 views

CVE-2021-24781

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...

4.3CVSS6.7AI score0.00768EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:6 a.m.7 views

CVE-2024-28100

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

8.9CVSS7AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2024/06/13 6:15 a.m.10 views

CVE-2024-2762

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00368EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/05/02 7:3 p.m.6 views

CVE-2022-29444 WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...

6.5CVSS6AI score0.00538EPSS
Exploits0References2
Rows per page
Query Builder