Lucene search
K

199 matches found

EUVD
EUVD
added 2025/12/31 12:55 p.m.6 views

EUVD-2025-205972

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through 3.0...

6.5CVSS5.5AI score0.00127EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.6 views

WordPress plugin Knowband Mobile App Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.5CVSS6.6AI score0.00213EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Binary MLM Plan plugin <= 3.0 - Unauthenticated Limited Privilege Escalation vulnerability

Unauthenticated Limited Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions = 3.0...

6.5CVSS5.3AI score0.00317EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/29 6:15 a.m.5 views

CVE-2025-15069

Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

Gmission Web Fax 安全漏洞

Gmission Web Fax is a web-based fax management system from the Korean company Gmission. A security vulnerability exists in Gmission Web Fax version 3.0 prior to version 4.0, which stems from improper authentication and may result in elevated privileges...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.6 views

CVE-2025-67909

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

7.5CVSS7AI score0.00327EPSS
Exploits0References1
OSV
OSV
added 2025/12/22 10:16 p.m.2 views

DEBIAN-CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

5.3CVSS5.3AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.9 views

PhotoShow 操作系统命令注入漏洞

PhotoShow is a free PHP web library from the individual developer Thibaud Rohmer. An operating system command injection vulnerability exists in PhotoShow version 3.0, which originates from allowing an authenticated administrator to inject malicious commands via the exiftran path configuration...

8.6CVSS7.6AI score0.00796EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.7 views

ClinCapture EDC 安全漏洞

ClinCapture EDC is a clinical trial data capture system from ClinCapture, Inc. A security vulnerability exists in ClinCapture EDC versions 3.0 and 2.2.3, which originates in reflective cross-site scripting and could lead to the execution of JavaScript code by an unauthenticated, remote attacker i...

6.1CVSS6.3AI score0.00247EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/16 9:32 p.m.24 views

CVE-2025-53618

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...

7.4CVSS0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.9 views

PT-2025-49334

The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00162EPSS
Exploits0References3
NVD
NVD
added 2025/11/19 6:15 a.m.9 views

CVE-2025-12822

The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mojwtgeneratenewapikey' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00178EPSS
Exploits0References2
NVD
NVD
added 2025/11/13 10:15 a.m.4 views

CVE-2025-64262

Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...

6.5CVSS0.0013EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/11/09 2:28 a.m.5 views

SUSE CVE-2016-11076

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...

5.3CVSS7AI score0.00872EPSS
Exploits0References2
CVE
CVE
added 2025/10/14 9:15 a.m.16 views

CVE-2025-40773

SiPass integrated (pre-3.0) contains a broken access control vulnerability where the authorization checks are insufficient on the server side, allowing a crafted API request to manipulate data of other users. Reported across multiple feeds (including Red Hat, NVD, CIRCL, and PT Security), with CV...

5.3CVSS6.8AI score0.00182EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.6 views

PT-2025-41490

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.13 Description BigBlueButton is an open-source virtual classroom. A denial-of-service DoS condition exists in versions prior to 3.0.13. An authenticated user can disrupt chat functionality for all meeting...

7.5CVSS6.5AI score0.00366EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28115

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 8:32 a.m.4 views

CVE-2025-60169 WordPress W3SCloud Contact Form 7 to Zoho CRM plugin <= 3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho allows Stored XSS.This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through = 3.2...

7.1CVSS5.2AI score0.00108EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.4 views

SUSE SLES12 Security Update : regionServiceClientConfigAzure (SUSE-SU-2025:03169-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03169-1 advisory. - Update to version 3.0.0. bsc1246995 - SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16...

5.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/07 12:0 a.m.5 views

Fedora 42 : kea (2025-92b4ae7199)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-92b4ae7199 advisory. - New version 3.0.1 rhbz2391289 - Fixes CVE-2025-40779 rhbz2391373 Tenable has extracted the preceding description block directly from the Fedora security...

7.5CVSS5.5AI score0.00495EPSS
Exploits0References2
Rows per page
Query Builder