Lucene search
K

108 matches found

ibm
ibm
added 2025/12/17 2:13 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-2953]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch, due to an issue found in PyTorch 2.6.0+cu124 that affects the function torch.mkldnnmaxpool2d CVE-2025-2953. PyTorch is used in our service runtimes. This vulnerabilitiy has been...

5.5CVSS6AI score0.00237EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/12/17 7:15 a.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.3 Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a...

9.8CVSS7.8AI score0.02169EPSS
Exploits2Affected Software1
redhatcve
redhatcve
added 2025/12/13 5:3 a.m.4 views

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

5.1CVSS6.8AI score0.00109EPSS
Exploits0References1
euvd
euvd
added 2025/10/27 9:25 p.m.6 views

EUVD-2025-36380

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...

6.8CVSS5.6AI score0.0024EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/22 12:0 a.m.5 views

WordPress plugin Email Tracker SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

4.9CVSS7.8AI score0.00334EPSS
Exploits0References3
snyk
snyk
added 2025/10/08 11:42 a.m.7 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the idPage parameter. An attacker can retrieve, create, update, or delete database records by injecting crafted input in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint. Remediation Upgrade...

9.8CVSS7.9AI score0.00385EPSS
Exploits2References2
cve
cve
added 2025/09/24 12:0 a.m.13 views

CVE-2025-57324

The CVE-2025-57324 entry concerns the Parse-SDK-JS library. A prototype pollution flaw exists in SingleInstanceStateController.initializeState, allowing a crafted payload to inject properties into Object.prototype. Affected versions are parse 5.3.0 and earlier. Consequences include denial of serv...

6.5CVSS6.3AI score0.00326EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2025/09/09 6:40 a.m.12 views

CVE-2025-9542 AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7...

5.4CVSS0.0018EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/06/12 12:0 a.m.4 views

WordPress plugin Single Sign-On (SSO) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.3CVSS5.2AI score0.0025EPSS
Exploits0References3
attackerkb
attackerkb
added 2025/06/09 4:15 p.m.5 views

CVE-2025-48126

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through = 5.2.9...

9.8CVSS5.3AI score0.0039EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 3:10 a.m.4 views

CVE-2023-21448

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file...

5.7CVSS6.8AI score0.00198EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:10 a.m.5 views

CVE-2023-21447

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent...

4CVSS6.5AI score0.00149EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:40 a.m.6 views

CVE-2023-23366

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Stati...

7.7CVSS6.5AI score0.00554EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/05/23 12:0 a.m.8 views

WordPress plugin Crossword Compiler Puzzles 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 11:39 p.m.5 views

CVE-2022-41432

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /module/reportevent/index.php...

4.8CVSS4.8AI score0.00374EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/18 12:0 a.m.5 views

WordPress plugin Tour Master SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

8.8CVSS9.3AI score0.0045EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.3 views

PT-2025-2583 · Themesebrand · Themesebrand Chatvia

Name of the Vulnerable Software and Affected Versions: themesebrand Chatvia version 5.3.2 Description: An issue in themesebrand Chatvia allows a remote attacker to execute arbitrary code via the User profile Upload image function. Recommendations: For themesebrand Chatvia version 5.3.2, consider...

4.6CVSS8.1AI score0.00446EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/11/01 12:0 a.m.3 views

WordPress plugin Laybuy Payment Extension for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00328EPSS
Exploits0References1
osv
osv
added 2024/07/24 3:15 a.m.4 views

CVE-2024-6755

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpwautoposterquickdeletemultiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/07/24 12:0 a.m.11 views

PT-2024-37849 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Stored Cross-Site Scripting via the mapTypes parameter in the 'wpw auto poster map wordpress post type' AJAX function due to...

7.2CVSS6.3AI score0.00829EPSS
Exploits0References6
Rows per page
Query Builder