Lucene search
K

27 matches found

OSV
OSV
added 2026/06/19 5:10 p.m.2 views

OPENSUSE-SU-2026:21111-1 Security update for himmelblau

This update for himmelblau fixes the following issue - CVE-2026-45108: authentication bypass vulnerability in the Device Authorization Grant DAG flow bsc1266662. Changes for himmelblau: - Update to version 2.3.11+git1.116c6763: Update cargo vet audits for backport depsrust: bump the...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 5:4 p.m.4 views

SUSE-SU-2026:22186-1 Security update for himmelblau

This update for himmelblau fixes the following issue - CVE-2026-45108: authentication bypass vulnerability in the Device Authorization Grant DAG flow bsc1266662. Changes for himmelblau: - Update to version 2.3.11+git1.116c6763: Update cargo vet audits for backport depsrust: bump the...

8.4CVSS5.9AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.8 views

PT-2026-49258

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserialize readonly database function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as...

5.5AI score
Exploits0References4
CVE
CVE
added 2026/04/01 12:30 a.m.10 views

CVE-2026-35057

XenForo is affected in versions prior to 2.3.10 and prior to 2.2.19. The vulnerability is a stored XSS in structured text mentions, primarily impacting legacy profile post content. An attacker can inject malicious scripts via crafted mentions that are stored and executed when other users view the...

6.4CVSS5.8AI score0.00165EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/03 9:4 p.m.15 views

CVE-2026-21451

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize...

8.4CVSS5.7AI score0.00489EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 9:4 p.m.20 views

CVE-2026-21447

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1CVSS6.5AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 9:16 p.m.9 views

CVE-2026-21450

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue...

9.8CVSS0.01228EPSS
Exploits0References1
NVD
NVD
added 2026/01/02 9:15 p.m.10 views

CVE-2026-21447

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1CVSS0.00274EPSS
Exploits1References2
CVE
CVE
added 2026/01/02 8:38 p.m.24 views

CVE-2026-21450

Bagisto SSTI (server-side template injection) in the type parameter allows remote code execution. Affected versions are prior to 2.3.10; version 2.3.10 contains the fix. Exploitation details cited include an example payload accessing the admin view (type={{7*7}}), which can lead to RCE and other ...

9.8CVSS8AI score0.01228EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/02 8:38 p.m.5 views

CVE-2026-21450 Bagisto has SSTI in parameter that can lead to RCE

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue...

8.6CVSS8.1AI score0.01228EPSS
Exploits0References3
OSV
OSV
added 2026/01/02 8:37 p.m.6 views

CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...

6.3CVSS5.8AI score0.00489EPSS
Exploits1References3
CVE
CVE
added 2026/01/02 7:18 p.m.16 views

CVE-2026-21446

Summary (CVE-2026-21446) Bagisto (Laravel-based eCommerce) prior to 2.3.10 exposes installer API endpoints under /install/api/* that remain accessible after installation. The root cause is unauthenticated access to API routes (no auth/CSRF in /install/api/*), enabling an attacker to create admin ...

9.8CVSS6.5AI score0.00583EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.10 views

PT-2026-1125

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, has an issue where API routes remain active even after the initial installation is complete. The API endpoints /install/api/ are directly accessib...

9.8CVSS6.8AI score0.00583EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/10/01 3:25 a.m.10 views

CVE-2025-9075 ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...

6.4CVSS0.00232EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/11 8:42 a.m.10 views

CVE-2025-32143 WordPress Accordion plugin <= 2.3.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10...

8.8CVSS6.9AI score0.00976EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.5 views

WordPress plugin BU Slideshow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.7AI score0.00248EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/08 6:19 p.m.7 views

WordPress BU Slideshow plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin BU Slideshow versions = 2.3.10...

6.5CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/03 7:34 a.m.4 views

Malicious code in @gthwebdev/ui-tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62aaab200b33789e76005a82f8665eaec345f6c173d63c8fdae72dff0cc2855d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/07/04 12:0 a.m.4 views

WordPress plugin IMGspider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS7AI score0.00939EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/04 12:0 a.m.2 views

PT-2024-37540 · WordPress · Imgspider

Name of the Vulnerable Software and Affected Versions: IMGspider plugin for WordPress versions up to, and including, 2.3.10 Description: The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function. This makes it possible fo...

8.8CVSS8.1AI score0.00947EPSS
Exploits0References10
Rows per page
Query Builder