1395 matches found

RedhatCVE · added 2025/05/22 11:32 p.m. · 5 views

CVE-2022-1953

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink without validation first...

CVSS 9.1 · AI score 7 · EPSS 0.01662
Exploits 1 · References 1

RedhatCVE · added 2025/05/22 11:29 p.m. · 5 views

CVE-2022-1202

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

CVSS 7.8 · AI score 7.2 · EPSS 0.00988
Exploits 2 · References 1

RedhatCVE · added 2025/05/22 11:29 p.m. · 7 views

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate that the option to be updated belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...

CVSS 4.3 · AI score 6.7 · EPSS 0.01052
Exploits 3 · References 1

RedhatCVE · added 2025/05/22 8:54 p.m. · 2 views

CVE-2021-37160

A firmware validation issue was discovered in the HMI3 Control Panel in the Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update...

CVSS 9.8 · AI score 7.3 · EPSS 0.08227
Exploits 0 · References 1

RedhatCVE · added 2025/05/22 8:50 p.m. · 5 views

CVE-2021-4419

The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the inosavedata function. This makes it possible for unauthenticated attackers to save meta data via a forged...

CVSS 4.3 · AI score 5.8 · EPSS 0.0035
Exploits 0 · References 1

RedhatCVE · added 2025/05/22 8:50 p.m. · 5 views

CVE-2021-4426

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

CVSS 4.3 · AI score 5.8 · EPSS 0.005
Exploits 1 · References 1

RedhatCVE · added 2025/05/22 8:50 p.m. · 4 views

CVE-2021-4395

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the getitems and extratablenav functions. This makes it possible for unauthenticated...

CVSS 6.5 · AI score 5.8 · EPSS 0.00384
Exploits 0 · References 1

RedhatCVE · added 2025/05/22 8:49 p.m. · 6 views

CVE-2021-4407

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

CVSS 4.3 · AI score 5.8 · EPSS 0.00342
Exploits 0 · References 1

RedhatCVE · added 2025/05/22 8:49 p.m. · 3 views

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not strictly validate the input XML message. An attacker can send a specially crafted message to exploit this vulnerability, leading to a denial of service in the module...

CVSS 5.3 · AI score 7.3 · EPSS 0.00631
Exploits 0 · References 1

OSV · added 2025/05/19 6:15 a.m. · 1 view

CVE-2025-1625

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00256
Exploits 1 · References 1

RedHat Linux · added 2025/05/13 8:31 a.m. · 4 views

gstreamer: EXIF Metadata Parsing Integer Overflow

A flaw was found in the GStreamer library. This flaw allows a remote attacker to send specially crafted content to the victim, allowing for arbitrary code execution within the context of the affected installation's process. The vulnerability is caused by improper parsing of EXIF metadata and a la...

CVSS 7.8 · AI score 6.4 · EPSS 0.01565
Exploits 0 · References 4

BDU FSTEC · added 2025/05/12 12:00 a.m. · 6 views

A vulnerability in the HTTP-Proxy software of the UserGate Next-Generation Firewall (NGFW), a network firewall, allows an attacker to read arbitrary files.

The vulnerability in the HTTP-Proxy software of the UserGate Next-Generation Firewall exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

CVSS 8.6 · AI score 5.7
Exploits 0 · Affected Software 1

CNNVD · added 2025/05/10 12:00 a.m. · 3 views

PHPGurukul e-Diary Management System Injection Vulnerability

The e-Diary Management System is an electronic diary management system. It suffers from a SQL injection vulnerability that originates from the lack of validation of externally supplied input in the ID parameter of the file /manage-notes.php, which is used in a SQL statement. An attacker can...

CVSS 9.8 · AI score 8.2 · EPSS 0.00415
Exploits 1 · References 6

Snyk · added 2025/05/08 7:28 p.m. · 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on the SETTINGS_MAX_HEADER_LIST_SIZE parameter. An attacker can cause the server to allocate excessive memory resources, leading to an OutOfMemoryError or...

CVSS 8.7 · AI score 6.9 · EPSS 0.00625
Exploits 0 · References 2

CNVD · added 2025/05/07 12:00 a.m. · 2 views

COVID19 Testing Management System test-details.php File SQL Injection Vulnerability

The COVID19 Testing Management System is a COVID-19 testing management system. It suffers from a SQL injection vulnerability that stems from the lack of validation of externally supplied input in the Status parameter of /test-details.php, which is used in a SQL statement...

CVSS 9.8 · AI score 8.2 · EPSS 0.00498
Exploits 1 · References 1

CNNVD · added 2025/05/05 12:00 a.m. · 3 views

Amplify Codegen UI Security Vulnerability

Amplify Codegen UI is an open-source React component generator from AWS Amplify, used in AWS Amplify projects. A security vulnerability exists in Amplify Codegen UI that stems from a lack of input validation for AWS Amplify Studio UI component property expressions, which could lead to the executi...

CVSS 9.5 · AI score 8.7 · EPSS 0.01003
Exploits 0 · References 2

CNNVD · added 2025/04/23 12:00 a.m. · 3 views

Luxion KeyShot Resource Management Error Vulnerability

Luxion KeyShot is 3D rendering software from Luxion (USA) for producing photorealistic images of 3D scenes. The software supports real-time 3D rendering workflows that display results immediately and reduce the time required to create photorealistic product images. A resource management error vulnerability exists in Luxio...

CVSS 7.8 · AI score 7.9 · EPSS 0.00285
Exploits 0 · References 2

CNNVD · added 2025/04/19 12:00 a.m. · 2 views

WordPress plugin Insert Headers And Footers Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for the platform. A cross-site request forgery vulnerability...

CVSS 7.5 · AI score 7.7 · EPSS 0.00204
Exploits 0 · References 4

CNVD · added 2025/04/09 12:00 a.m. · 2 views

e-Diary Management System add-notes.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. It suffers from a SQL injection vulnerability that originates from missing validation of externally supplied input in the Category parameter of the add-notes.php file, which is used in a SQL statement. An attacker can...

CVSS 9.8 · AI score 8.1 · EPSS 0.00478
Exploits 1 · References 1

Positive Technologies · added 2025/04/07 12:00 a.m. · 10 views

PT-2025-15199 · Qualcomm · Snapdragon +57

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.
Description: Memory corruption can occur when the software processes addresses from TZ and MPSS requests without proper validation.
Recommendations: At the moment, there is no information about a newer...

CVSS 7.8 · AI score 7.1 · EPSS 0.00093
Exploits 0 · References 7