Lucene search
K

173 matches found

CVE
CVE
added 2026/06/19 5:11 p.m.11 views

CVE-2019-25751

CVE-2019-25751 affects Joomla’s J-ClassifiedsManager component, version 3.0.5. The vulnerability is an SQL injection in the displayads flow that does not require authentication. An attacker can inject malicious SQL through POST parameters, specifically categorySearch, adType, and citySearch, to e...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.16 views

PT-2026-42931

Name of the Vulnerable Software and Affected Versions ulisesbocchio jasypt-spring-boot versions prior to 3.0.6 ulisesbocchio jasypt-spring-boot versions prior to 4.0.5 Description A weakness in the Password Hash Handler component allows for the use of a one-way hash with a predictable salt. This...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Drupal Translate Drupal with GTranslate 安全漏洞

Drupal Translate Drupal with GTranslate is a Drupal content access control module developed by the Drupal company. Versions of Drupal Translate Drupal with GTranslate prior to version 3.0.5 contained security vulnerabilities; these vulnerabilities stemmed from modifications to assumed immutable...

2.7CVSS5.8AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 8:9 p.m.9 views

EUVD-2026-28438

Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 8:9 p.m.37 views

CVE-2026-41691

CVE-2026-41691 affects the i18next-http-backend package. Prior to version 3.0.5, the code interpolated the languages (lng) and namespaces (ns) into loadPath/addPath URL templates without proper encoding or sanitisation, allowing an attacker-controlled language input to alter URL structure and per...

9.1CVSS5.8AI score0.00251EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.5 views

WordPress Ultimeter plugin <= 3.0.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ultimeter versions = 3.0.5...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/27 6:33 p.m.12 views

JLSEC-2026-230 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.5AI score0.04425EPSS
Exploits0References27
Cvelist
Cvelist
added 2026/04/20 6:31 p.m.33 views

CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS0.00593EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 3:19 p.m.9 views

JLSEC-2026-128

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...

5.5CVSS5.8AI score0.00428EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.5 views

CVE-2026-39665

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through = 3.0.5...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20339

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through = 3.0.5...

5.9AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.24 views

CVE-2026-39665 WordPress SEO Friendly Images plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through = 3.0.5...

6.5CVSS0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

Ask Expert Script 跨站脚本漏洞

Ask Expert Script is an online Q&A system script for the PHP Scripts Mall community. Version 3.0.5 of the Ask Expert Script contains a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting and SQL injection vulnerabilities, which may allow unverified attackers to...

9.8CVSS5.7AI score0.00465EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.4 views

CVE-2026-34372

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/31 8:19 p.m.3 views

CVE-2026-34372 Sulu checks fix permissions for subentities endpoints

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 8:19 p.m.14 views

CVE-2026-34372

Sulu CMS vulnerability CVE-2026-34372 affects Sulu versions prior to 2.6.22 and 3.0.0 to before 3.0.5. The issue allows a user with admin permissions (via at least one role) to access sub-entities of contacts through the admin API without explicit contacts permissions. It has been fixed in versio...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-32881

ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 2:16 a.m.18 views

CVE-2026-32881

ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

5.3CVSS0.00386EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 1:13 a.m.5 views

CVE-2026-32873 ewe: Loop with Unreachable Exit Condition ('Infinite Loop')

ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handletrailers function where rejected trailer headers forbidden or undeclared cause an infinite loop. When handletrailers encounters such a trailer, three code paths lines 520, 523, 526 recurse with the original buffer...

7.5CVSS6.1AI score0.00599EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/03 7:46 p.m.4 views

EUVD-2025-208254

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

5.9CVSS6AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder