Lucene search
+L

11 matches found

Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56516

Name of the Vulnerable Software and Affected Versions Astro version 6.4.7 Description Astro performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit. Subsequently, rewrite route matching performs an additional decodeURI operation, which can...

8.2CVSS6.1AI score0.00267EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/01/16 4:44 a.m.4 views

CVE-2025-15526

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

5.3CVSS5.4AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2026/01/08 12:15 a.m.4 views

CVE-2019-25278

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...

5.9CVSS5.8AI score0.00303EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1675

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is affected by a cross-site scripting issue in the msg parameter of the pluginInstall.php file. This allows attackers to inject malicious scripts...

6.1CVSS6.7AI score0.00278EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.9 views

PT-2025-53329

Name of the Vulnerable Software and Affected Versions FaceSentry version 6.4.8 Description FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

8.8CVSS8.2AI score0.02325EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/12/13 6:57 a.m.5 views

CVE-2025-12570

The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-image.php files. This makes it possible for...

7.2CVSS5.3AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.5 views

LogSign Unified SecOps Platform 操作系统命令注入漏洞

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An operating system command injection vulnerability exists in LogSign Unified SecOps Platform versions prior to 6.4.8...

8.8CVSS9.3AI score0.02585EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2024/06/29 5:15 a.m.5 views

CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.9AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/29 12:0 a.m.3 views

WordPress plugin Events Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1CVSS6.1AI score0.0031EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/04 12:0 a.m.7 views

iWT FaceSentry Access Control System 操作系统命令注入漏洞

iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. iWT FaceSentry Access Control System 6.4.8 suffers from an operating system command injection vulnerability that allows injection of authenticated OS commands using default credentials...

9CVSS8.4AI score0.05242EPSS
Exploits2References3
Rows per page
Query Builder