Lucene search
K

199 matches found

Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.5 views

PT-2025-3548 · Lunasvg · Lunasvg

Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: A segmentation violation was discovered in lunasvg via the plutovg blend component. This issue can be exploited. Recommendations: For lunasvg version 3.0.0, as a temporary workaround, consider disabling the...

6.5CVSS7AI score0.00334EPSS
Exploits1References7
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.6 views

WordPress CAMOO SMS plugin <= 3.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin CAMOO SMS versions = 3.0.1...

7.1CVSS6.1AI score0.00378EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.3 views

WordPress plugin Classic Addons 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.5CVSS8.2AI score0.00571EPSS
Exploits0References1
OSV
OSV
added 2024/12/31 4:15 p.m.5 views

CVE-2024-53647

Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service...

8.2CVSS5.8AI score0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/26 12:0 a.m.3 views

Fields GLPI plugin 安全漏洞

Fields GLPI plugin is an open source plugin for GLPI Project Plugins. A security vulnerability exists in the Fields GLPI plugin version 3.0.0 through versions prior to 3.0.3, which stems from an inadequate security check that allows an unauthenticated attacker to determine if data with a specific...

8.2CVSS6.6AI score0.00502EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.7 views

BYD Dilink Headunit System 安全漏洞

BYD Dilink Headunit System is an in-vehicle operating system of the Chinese company BYD BYD. A security vulnerability exists in BYD Dilink Headunit System version v3.0 to v4.0. An attacker can exploit the vulnerability to bypass authentication via brute force attack...

9.8CVSS6.9AI score0.00532EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.7 views

OpsManage 代码问题漏洞

OpsManage is a code deployment, application deployment, scheduled tasks, and device asset management platform by William.Cao Personal Developer. A code issue vulnerability exists in OpsManage. An attacker exploiting this vulnerability could cause data deserialization. The following versions are...

6.5CVSS6.5AI score0.00536EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.7 views

Enel X Waybox 安全漏洞

The Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from the fact that the TCF proxy service can be used to gain administrator privileges on the Waybox system...

9.6CVSS6.9AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2024/10/28 4:15 p.m.9 views

CVE-2024-10469

VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.4 views

Apache Syncope 跨站脚本漏洞

Apache Syncope is an open source digital identity management system from the Apache USA Foundation for use in enterprise environments. The system supports identity management, role configuration, and more. A cross-site scripting vulnerability exists in Apache Syncope versions 2.1.X through 2.1.14...

6.1CVSS5.6AI score0.0061EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/17 11:29 a.m.6 views

WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability

Broken Access Control to Notice Dismissal vulnerability discovered by Marek Mikita Patchstack Alliance in WordPress Plugin Photo Gallery Builder versions = 3.0...

8.8CVSS7AI score0.00409EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.11 views

PT-2024-10623 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager plugin for WordPress versions up to, and including, 3.0 Description: The issue is related to a missing capability check in the /inc/root.php file, which allows unauthenticated attackers to bypass authorization. This enables them ...

9.8CVSS8.1AI score0.0078EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/10/15 3:16 a.m.6 views

WordPress WP 2FA with Telegram plugin <= 3.0 - Two-Factor Authentication Bypass vulnerability

Two-Factor Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin WP 2FA with Telegram versions = 3.0...

7.5CVSS7AI score0.00391EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.5 views

PT-2024-39967 · Newtype · Newtype Webeip

Name of the Vulnerable Software and Affected Versions: NewType WebEIP version 3.0 Description: The issue is related to improper validation of user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters. This results in a Reflected Cross-site...

5.4CVSS6.3AI score0.00262EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.6 views

moziloCMS 安全漏洞

moziloCMS is a content management system CMS in the moziloCMS open source. A security vulnerability exists in moziloCMS version 3.0, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of a user...

6.1CVSS6.1AI score0.0043EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.8 views

Mikafon MA7 SQL注入漏洞

Mikafon MA7 is an application from Mikafon Inc. A SQL injection vulnerability exists in Mikafon MA7 versions v3.0 through v3.1, which stems from improper neutralization using a special element resulting in SQL injection...

9.8CVSS8.1AI score0.0042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.9 views

PT-2024-28117 · Unknown · Skt Addons For Elementor

Name of the Vulnerable Software and Affected Versions: SKT Addons for Elementor versions 3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: F...

6.5CVSS5.3AI score0.00317EPSS
Exploits0References5
OSV
OSV
added 2024/07/05 5:15 p.m.6 views

CVE-2024-27717

Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component...

6.5CVSS5.8AI score0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/05/24 11:40 a.m.9 views

WordPress Similarity plugin <= 3.0 - CSRF Leading to Stored Cross-Site Scripting vulnerability

CSRF Leading to Stored Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin Similarity versions = 3.0...

5.7CVSS5.8AI score0.00229EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.10 views

PT-2024-27200 · Unknown · Phpgurukul Small Crm

Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0 Description: A critical issue has been found in the Registration Page component of PHPGurukul Small CRM, affecting some unknown functionality. This issue leads to SQL injection. The attack can be launched...

9.8CVSS8.3AI score0.00924EPSS
Exploits1References7
Rows per page
Query Builder