Lucene search
K

1015 matches found

Patchstack
Patchstack
added 4 days ago5 views

WordPress Plugin for Google Analytics by IO technologies plugin <= 1.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Plugin for Google Analytics by IO technologies versions = 1.1...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than allowed by RFC 7230. This non-conformant parsin...

8.1CVSS7.1AI score0.028EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:50 a.m.13 views

CVE-2025-69173

CVE-2025-69173 affects the WordPress Tipsy theme (&lt;= 1.1) with unauthenticated Local File Inclusion (LFI). Connected PT entries also list additional WordPress themes with similar LFI issues: Ingenioso (&lt;= 1.14.0) and AirSupply (

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:38 p.m.19 views

CVE-2026-47170

Garlic-Hub is affected by a CVE-2026-47170 SSRF in the uploadFromUrl endpoint. Prior to version 1.1 , authenticated users could cause the server to issue arbitrary HTTP requests to internal services, enabling internal port scanning, service fingerprinting, and retrieval of internal HTTP responses...

7.7CVSS5.5AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.7 views

CVE-2026-8419

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.4AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.7 views

Sitejo HaPe PKH 安全漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a security vulnerability. This vulnerability stems from the lack of authorization for the record deletion endpoint, which may allow unauthenticated...

8.7CVSS5.8AI score0.00332EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the id parameter, which may allow attackers to manipulate...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the desa POST parameter, allowing unauthenticated attacke...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Sitejo HaPe PKH 跨站请求伪造漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow attacker...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 1:25 a.m.17 views

CVE-2026-8419

The CVE-2026-8419 entry aggregates a CSRF vulnerability in the WordPress Amazon Scraper plugin (versions up to and including 1.1). The underlying issue is missing or incorrect nonce validation in a function, enabling unauthenticated attackers to update settings and inject stored scripts by tricki...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/19 10:42 a.m.12 views

Improper Validation of Syntactic Correctness of Input

Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the SAMLParser and SAML11ParserUtil code paths that handle SAML 1.1 assertions and protoc...

8.7CVSS5.9AI score0.00743EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/09 3:31 a.m.11 views

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

8.6CVSS5.8AI score0.00353EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2026/05/08 12:0 a.m.15 views

CVE-2026-37431

Affected product: Beauty Parlour Management System v1.1. Vulnerability: SQL injection via the aptnumber parameter in the /appointment-detail.php endpoint. Impact (as stated): Attacker can access sensitive database information by crafting SQL statements; high confidentiality, integrity, and availa...

9.8CVSS5.9AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 3:16 a.m.37 views

CVE-2026-6702

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS0.0012EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.65 views

CVE-2026-6702 Publish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' Parameter

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS0.0012EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/24 5:16 p.m.33 views

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.2CVSS0.00298EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 9:22 p.m.5 views

GHSA-PQF5-4PQQ-29F5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...

9.2CVSS5.8AI score0.00298EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/22 2:37 p.m.6 views

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

5.8AI score
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/20 6:16 p.m.13 views

CVE-2026-39111

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data...

7.5CVSS0.00294EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.32 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

0.00295EPSS
Exploits0References3
Rows per page
Query Builder