Lucene search
K

51 matches found

Cvelist
Cvelist
added 2026/06/25 1:12 p.m.30 views

CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39379

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 10:5 p.m.11 views

CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

8.7CVSS5.8AI score0.00533EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.9 views

Open OnDemand 注入漏洞

Open OnDemand is an open-source software developed by the Ohio Supercomputer Center, designed for open-ended interactive HPC through web-based interfaces. Versions of Open OnDemand prior to 4.0.9 and 4.1.3 contained a vulnerability due to improper handling of malicious inputs by the Files...

9.8CVSS5.8AI score0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.13 views

PT-2026-23070

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

8.7CVSS5.8AI score0.00533EPSS
Exploits0References4
CVE
CVE
added 2026/01/08 9:17 a.m.12 views

CVE-2025-67933

CVE-2025-67933 is a Reflected Cross-Site Scripting issue in Taskbuilder – WordPress Project Management (Taskbuilder) with a root cause of improper input neutralization during web page generation. Affected range is Taskbuilder: from n/a through

7.1CVSS6AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

WordPress plugin Taskbuilder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 12:22 p.m.4 views

CVE-2025-14277 Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the importelementortemplate AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make we...

4.3CVSS5.4AI score0.00279EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.4 views

CVE-2025-60200

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.1.2...

7.5CVSS5.9AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45273

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.5CVSS7.1AI score0.0042EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.4 views

CVE-2025-49992 WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.1CVSS5.2AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-9085

Malware in sbrugna...

8.8CVSS7.3AI score0.02432EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-36661

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28584

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-26889

Malicious code in bioql PyPI...

7.1CVSS8.6AI score0.00397EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-40220

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.0047EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/08 9:21 a.m.4 views

CVE-2025-48913 Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...

6.9AI score0.00793EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.11 views

PT-2025-32329

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 3.6.8 Apache CXF versions prior to 4.0.9 Apache CXF versions prior to 4.1.3 Description If untrusted users are permitted to configure JMS Java Message Service for Apache CXF, they could use RMI Remote Method...

9.8CVSS7.6AI score0.00793EPSS
Exploits0References19
Cvelist
Cvelist
added 2025/06/19 4:25 a.m.14 views

CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag

The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

4.9CVSS0.0021EPSS
Exploits0References3
NVD
NVD
added 2025/02/25 3:15 p.m.4 views

CVE-2025-26926

Cross-Site Request Forgery CSRF vulnerability in fs-code Booknetic booknetic.This issue affects Booknetic: from n/a through = 4.0.9...

4.3CVSS0.00149EPSS
Exploits0References1
Rows per page
Query Builder