Lucene search
+L

48 matches found

cvelist
cvelist
added 2026/07/03 1:28 a.m.39 views

CVE-2026-12920 Cookie Banner for GDPR / CCPA <= 4.3.5 - Authenticated (Administrator+) SQL Injection via 's' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
snyk
snyk
added 2026/06/11 12:0 a.m.8 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00139EPSS
Exploits0References2
osv
osv
added 2026/05/18 1:34 p.m.8 views

CLEANSTART-2026-CR27895 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

8.7CVSS5.8AI score0.00609EPSS
Exploits2References7
patchstack
patchstack
added 2026/05/13 3:21 p.m.11 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment vulnerability

Authenticated Subscriber+ Payment Bypass to Free Course Enrollment vulnerability discovered by winrace in WordPress Plugin LearnPress versions = 4.3.5...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/05/04 4:5 p.m.3 views

CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

8.7CVSS6.9AI score0.00782EPSS
Exploits0References9
cve
cve
added 2026/03/16 12:0 a.m.15 views

CVE-2025-57543

CVE-2025-57543 describes a Cross Site Scripting (XSS) vulnerability in NetBox 4.3.5, affecting the Web UI via the "comment" field on object forms. An attacker can inject arbitrary HTML, which is rendered in the UI for other users, potentially enabling UI redress attacks or context‑specific XSS. T...

6.1CVSS5.8AI score0.00175EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/12/31 6:39 p.m.3 views

CVE-2025-34468 libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

8.2CVSS7.9AI score0.00637EPSS
Exploits0References4
openvas
openvas
added 2025/12/17 12:0 a.m.1 views

Fedora: Security Advisory (FEDORA-2025-5ad0214a85)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8AI score
Exploits0References2
openvas
openvas
added 2025/12/17 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2025-54d78b9fed)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8AI score
Exploits0References2
redhatcve
redhatcve
added 2025/12/10 3:13 p.m.4 views

CVE-2025-63056

Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...

4.3CVSS5.9AI score0.00265EPSS
Exploits0References1
nvd
nvd
added 2025/12/09 4:18 p.m.4 views

CVE-2025-63056

Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...

4.3CVSS0.00265EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/09 2:52 p.m.27 views

CVE-2025-63056 WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...

4.3CVSS0.00265EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/09 12:0 a.m.6 views

PT-2025-50056

Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.5...

7AI score0.00265EPSS
Exploits0References2
osv
osv
added 2025/11/24 2:15 p.m.9 views

UBUNTU-CVE-2025-65498

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/24 12:0 a.m.6 views

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5, which stems from a null pointer dereference in the coapdtlsinfocallback function and could lead to a denial of service attack...

4.3CVSS6.2AI score0.00231EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/11/24 12:0 a.m.12 views

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5, which stems from a null pointer dereference in the coapdtlsgeneratecookie function in src/coapopenssl.c, which could lead to a denial of service atta...

4.3CVSS6.2AI score0.00231EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/11/24 12:0 a.m.5 views

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5, which stems from an integer sign error in the tlsverifycallback function in src/coapopenssl.c, which could lead to a denial of service attack...

7.5CVSS6.3AI score0.00219EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/24 12:0 a.m.7 views

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5, which stems from a null pointer dereference in the coapdtlsgeneratecookie function in src/coapopenssl.c, which could lead to a denial of service atta...

4.3CVSS6.2AI score0.00231EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.16 views

EUVD-2025-32198

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.00382EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1576

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01126EPSS
Exploits0References6
Rows per page
Query Builder