Lucene search

1395 matches found

RedhatCVE
added 2025/04/04 9:39 a.m. · 20 views

CVE-2025-2005

The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

CVSS 9.8 · AI score 8.3 · EPSS 0.17792
Exploits 3 · References 1

Positive Technologies
added 2025/04/02 12:0 a.m. · 4 views

PT-2025-14475 · WordPress · Time Machine

Name of the Vulnerable Software and Affected Versions: wp Time Machine plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This allows...

CVSS 6.1 · AI score 9.4 · EPSS 0.0028
Exploits 0 · References 7

CNNVD
added 2025/03/22 12:0 a.m. · 3 views

Apache Oozie security vulnerability

Apache Oozie is an application from the Apache Foundation, USA. It provides a workflow scheduler system for managing Apache Hadoop job functions. Apache Oozie has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 5.4 · AI score 6.2 · EPSS 0.00466
Exploits 0 · References 3

CNVD
added 2025/03/07 12:0 a.m. · 2 views

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the product-details.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

CVSS 8.8 · AI score 7.1 · EPSS 0.00451
Exploits 1 · References 1

BDU FSTEC
added 2025/03/05 12:0 a.m. · 4 views

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9.1 · AI score 8.2 · EPSS 0.05212
Exploits 1 · References 3 · Affected Software 1

OSV
added 2025/02/28 5:15 a.m. · 4 views

CVE-2025-0801

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API...

CVSS 4.3 · AI score 7.2 · EPSS 0.00172
Exploits 0 · References 3

CNNVD
added 2025/02/26 12:0 a.m. · 4 views

SunGrow iSolarCloud security vulnerability

SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud Android app version...

CVSS 7.4 · AI score 6.6 · EPSS 0.00219
Exploits 0 · References 3

OSV
added 2025/02/19 8:15 a.m. · 4 views

CVE-2025-0865

The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wpmcmhandleactionsettings function. This makes it possible for unauthenticated attackers to alter plugin settings...

CVSS 6.5 · AI score 5.7 · EPSS 0.00258
Exploits 0 · References 6

OSV
added 2025/02/18 6:15 a.m. · 3 views

CVE-2024-13315

The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...

CVSS 8.8 · AI score 5.7 · EPSS 0.00227
Exploits 0 · References 3

OSV
added 2025/02/18 5:15 a.m. · 3 views

CVE-2025-0796

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...

CVSS 4.3 · AI score 7.2 · EPSS 0.00184
Exploits 0 · References 2

OSV
added 2025/02/18 5:15 a.m. · 5 views

CVE-2024-13684

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...

CVSS 8.1 · AI score 7.2 · EPSS 0.00207
Exploits 0 · References 2

OSV
added 2025/02/11 11:15 a.m. · 3 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVSS 5.4 · AI score 5.8 · EPSS 0.00323
Exploits 0 · References 2

CNNVD
added 2025/02/11 12:0 a.m. · 5 views

Digital China Networks DCBC Gateway security vulnerability

Digital China Networks DCBC Gateway is a gateway program from Digital China Networks China. A security vulnerability exists in Digital China Networks DCBC Gateway version 200-2.1.1, which stems from a lack of length validation and a buffer overflow vulnerability that could cause a remote target...

CVSS 5.1 · AI score 7.7 · EPSS 0.00227
Exploits 0 · References 2

OSV
added 2025/02/10 2:15 p.m. · 1 views

CVE-2024-11621

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are: Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager...

CVSS 8.8 · AI score 5.8 · EPSS 0.00217
Exploits 0 · References 1

OSV
added 2025/01/30 2:15 p.m. · 6 views

CVE-2024-13512

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 5.4 · AI score 5.6 · EPSS 0.00134
Exploits 0 · References 2

Positive Technologies
added 2025/01/30 12:0 a.m. · 4 views

PT-2025-2245 · WordPress · Ti Woocommerce Wishlist

Name of the Vulnerable Software and Affected Versions: WooCommerce Wishlist plugin for WordPress versions up to, and including, 1.8.7 Description: The issue concerns a lack of validation on a user-controlled key in the download pdf file function, allowing unauthenticated attackers to extract data...

CVSS 7.5 · AI score 9.4 · EPSS 0.00571
Exploits 0 · References 13

Positive Technologies
added 2025/01/25 12:0 a.m. · 6 views

PT-2025-2253 · WordPress · Linear

Name of the Vulnerable Software and Affected Versions: Linear plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is due to missing or incorrect nonce validation on the linear-debug feature, making it possible for unauthenticated attackers to reset the plugin's cache...

CVSS 4.3 · AI score 6.9 · EPSS 0.00227
Exploits 0 · References 8

OSV
added 2025/01/18 7:15 a.m. · 7 views

CVE-2024-12385

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 5.7 · EPSS 0.00193
Exploits 0 · References 5

Positive Technologies
added 2025/01/18 12:0 a.m. · 5 views

PT-2025-1828 · WordPress · Wp Abstracts

Name of the Vulnerable Software and Affected Versions: WP Abstracts plugin for WordPress versions up to, and including, 2.7.2 Description: The issue is due to missing nonce validation on the wpabstracts load status and wpabstracts delete abstracts functions, making it possible for unauthenticated...

CVSS 6.1 · AI score 9.3 · EPSS 0.00193
Exploits 0 · References 12

CNNVD
added 2025/01/14 12:0 a.m. · 3 views

H3C N12 V100R005 security vulnerability

The H3C N12 V100R005 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C N12 V100R005 version, which stems from a lack of length validation in the AP configuration function, which could allow an attacker to crash a remote target device or execute arbitrary...

CVSS 9.8 · AI score 7.4 · EPSS 0.00834
Exploits 0 · References 1