Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.17 views

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...

5.4CVSS5.6AI score0.00399EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.6 views

PT-2024-21045 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.3.4 Description: A potential security issue has been discovered in the pimcore/admin-ui-classic-bundle. The issue involves a Host Header Injection in the invitationLinkAction function of the...

9.3CVSS7.1AI score0.00682EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/11/20 12:0 a.m.4 views

Strapi Security Vulnerabilities

Strapi is an open source content management system CMS. A security vulnerability exists in Strapi Protected Populate Plugin versions prior to 1.3.4. An attacker could exploit the vulnerability to populate certain fields...

5.3CVSS6.7AI score0.00601EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/05/09 5:15 p.m.4 views

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...

9.8CVSS8AI score0.06629EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2019/09/19 12:0 a.m.7 views

PT-2019-14678 · Unknown +1 · Libiec61850 +1

Name of the Vulnerable Software and Affected Versions: libIEC61850 versions prior to 1.3.4 Description: The issue is related to a use-after-free in the MmsServer waitReady function located in the mms/iso mms/server/mms server.c file. This can be demonstrated using the server example goose...

10CVSS7.7AI score0.02036EPSS
Exploits9References35
OSV
OSV
added 2018/07/03 2:29 p.m.1 views

CVE-2018-7776

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data...

4.3CVSS5.8AI score0.00684EPSS
Exploits0References1
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7773

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...

8.8CVSS5.8AI score0.00974EPSS
Exploits0References1
Rows per page
Query Builder