1395 matches found

Cvelist
added 2025/09/10 6:38 a.m., 7 views

CVE-2025-9622 WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for...

CVSS 4.3, EPSS 0.00157
Exploits 0, References 6

Vulnrichment
added 2025/09/10 12:00 a.m., 2 views

CVE-2025-56404

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...

AI score 6.2, EPSS 0.00317
Exploits 1, References 2

Cvelist
added 2025/09/10 12:00 a.m., 7 views

CVE-2025-56404

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...

EPSS 0.00317
Exploits 1, References 2

Positive Technologies
added 2025/09/10 12:00 a.m., 8 views

PT-2025-37024

Name of the Vulnerable Software and Affected Versions: Maspik – Ultimate Spam Protection plugin for WordPress versions through 2.5.6 Description: The Maspik – Ultimate Spam Protection plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to insufficient or incorre...

CVSS 4.3, AI score 5.9, EPSS 0.00156
Exploits 0, References 7

Tenable Nessus
added 2025/09/10 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-2848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. CVE-2023-2848 Not...

CVSS 8.8, AI score 7.8, EPSS 0.00309
Exploits 0, References 2

OSV
added 2025/09/09 8:42 p.m., 5 views

GHSA-RF24-WG77-GQ7W listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover

Summary Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

CVSS 8.6, AI score 6.3, EPSS 0.00127
Exploits 1, References 3

Vulnrichment
added 2025/09/09 2:10 a.m., 3 views

CVE-2025-42929 Missing input validation vulnerability in SAP Landscape Transformation Replication Server

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database...

CVSS 8.1, AI score 6.4, EPSS 0.00216
Exploits 0, References 2

Positive Technologies
added 2025/09/09 12:00 a.m., 5 views

PT-2025-36549

Name of the Vulnerable Software and Affected Versions: SAP ABAP Reports affected versions not specified Description: Due to missing input validation in ABAP reports, an attacker with high privilege access could delete the content of arbitrary database tables if the tables are not protected by an...

CVSS 8.1, AI score 6.1, EPSS 0.00249
Exploits 0, References 8

OSV
added 2025/09/08 8:46 p.m., 5 views

GHSA-HJFH-P8F5-24WR Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...

CVSS 8.6, AI score 7.1, EPSS 0.00392
Exploits 0, References 5

RedhatCVE
added 2025/09/06 11:25 a.m., 5 views

CVE-2025-41057

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/richtexteditor...

CVSS 5.4, AI score 6.1, EPSS 0.00162
Exploits 0, References 1

Vulnrichment
added 2025/09/06 2:24 a.m., 6 views

CVE-2025-9515 Multi Step Form <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVSS 7.2, AI score 6.7, EPSS 0.00613
Exploits 0, References 3

CVE
added 2025/09/05 5:45 p.m., 32 views

CVE-2025-30199

ECOVACS vacuum robot base stations are described as not validating firmware updates and operating over an insecure Wi‑Fi link with a deterministic WPA2‑PSK key that can be derived from the device serial number. This enables potential malicious over‑the‑air updates or code execution through the up...

CVSS 7.5, AI score 6.4, EPSS 0.00268
Exploits 0, References 3, Affected Software 1

CNVD
added 2025/09/05 12:00 a.m., 4 views

Online Shopping Portal File Upload Vulnerability

Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...

CVSS 9.1, AI score 7, EPSS 0.00446
Exploits 1, References 1

Snyk
added 2025/09/05 12:00 a.m., 1 view

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...

CVSS 5.1, AI score 3.6, EPSS 0.00291
Exploits 0, References 2

CNVD
added 2025/09/05 12:00 a.m., 4 views

Complaint Management System SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...

CVSS 6.5, AI score 8.2, EPSS 0.004
Exploits 1, References 1

NVD
added 2025/09/04 12:15 p.m., 3 views

CVE-2025-41055

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...

CVSS 5.4, EPSS 0.00162
Exploits 0, References 1

OSV
added 2025/09/04 12:15 p.m., 2 views

CVE-2025-41043

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAppReportCodeid' and 'dataAppReportCodename' parameters in /apprain/appreport/manage/...

CVSS 5.4, AI score 5.7, EPSS 0.00162
Exploits 0, References 1

Cvelist
added 2025/09/04 11:13 a.m., 7 views

CVE-2025-41052 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...

CVSS 5.1, EPSS 0.00162
Exploits 0, References 1

CVE
added 2025/09/04 11:10 a.m., 14 views

CVE-2025-41042

appRain CMF 4.0.5 is affected by a stored authenticated XSS in /apprain/information/manage/emailtemplate/add due to insufficient validation of input in data[Option][message], data[Option][subject], and data[Option][templatetype]. Impact cited includes cookie-based credential theft; exploitation s...

CVSS 5.4, AI score 5.7, EPSS 0.00162
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/09/04 11:09 a.m., 4 views

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

CVSS 5.1, AI score 5.7, EPSS 0.00162
Exploits 0, References 1