Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/10/23 4:10 a.m.2 views

CVE-2025-54806

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

6.1CVSS5.8AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.5 views

CVE-2024-32869

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...

5.3CVSS6.8AI score0.00642EPSS
Exploits1References1
OSV
OSV
added 2022/12/14 9:15 p.m.7 views

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

6.5CVSS5.8AI score0.00692EPSS
Exploits0References2
OSV
OSV
added 2014/12/20 2:59 a.m.4 views

DEBIAN-CVE-2014-9293

The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5CVSS7.4AI score0.12978EPSS
Exploits1References1
Rows per page
Query Builder