Lucene search
K

1395 matches found

CNNVD
CNNVD
added 2025/06/20 12:0 a.m.3 views

Code-Projects Online Shoe Store 注入漏洞

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pid in the file /admin/adminproduct.php. An attacker can exploit this vulnerability to...

9.8CVSS8.2AI score0.00421EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/06/17 6:31 p.m.3 views

CVE-2025-49848

An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data...

8.4CVSS5.8AI score0.00155EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2025/06/11 12:0 a.m.2 views

Dairy Farm Shop Management System /search-product.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system . The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter productname in the file...

9.8CVSS7.8AI score0.00683EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.2 views

WordPress plugin Bunnys Print CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Bunnys Print CSS plugin that stems from missing or incorrect nonce validation of the pcssoptionssubpanel...

4.3CVSS4.8AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.1 views

AMD Versal Adaptive SoC 输入验证错误漏洞

AMD Versal Adaptive SoC is a chip from Ultra Micro Semiconductor AMD. The AMD Versal Adaptive SoC suffers from an input validation error vulnerability that stems from a missing address validation, which could result in access to a protected memory space...

6.6CVSS6.6AI score0.00146EPSS
Exploits0References1
CNVD
CNVD
added 2025/06/06 12:0 a.m.2 views

Online Shopping Portal Project category.php File SQL Injection Vulnerability

Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Product in the file /category.php. An attacker can explo...

9.8CVSS8.3AI score0.00394EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/06/03 7:27 p.m.11 views

PortSwigger Web Security: DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool

The Burp Suite MCP Model Context Protocol server was vulnerable to a DNS rebinding attack. This allowed malicious websites to connect to the victim's local MCP server, use the sendhttp1request tool to make arbitrary HTTP requests, and access internal networks, localhost services, and cloud metada...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.6 views

CVE-2024-1489

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...

4.3CVSS4.3AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.13 views

CVE-2024-3215

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder function. Th...

5.3CVSS5AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.5 views

CVE-2024-4541

The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation when modifying products. This makes it possible for unauthenticated attackers to add, delete, bulk edit,...

4.3CVSS5.8AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.11 views

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

5.4CVSS6.9AI score0.00202EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:38 a.m.3 views

CVE-2024-4103

The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller function. This makes it possible for...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:34 a.m.6 views

CVE-2024-0050

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.3AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.4 views

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...

4.3CVSS5.2AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-10726

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious w...

6.1CVSS7.2AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.3 views

CVE-2023-0088

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it possible for...

8.8CVSS6.3AI score0.00552EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:17 a.m.4 views

CVE-2023-30743

Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

7.1CVSS7AI score0.00438EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.5 views

CVE-2023-0831

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismissnotice function called via the adminactionucpdismissnotice action. This makes it possible for...

4.3CVSS4.4AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.4 views

CVE-2023-5982

The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' acti...

5.4CVSS5.9AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.6 views

CVE-2023-1344

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucssupdaterule function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.2AI score0.00307EPSS
Exploits0References1
Rows per page
Query Builder