Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.7 views

CVE-2025-68001

Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through = 2.1.0...

10CVSS5.4AI score0.00564EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/11/07 3:18 a.m.1 views

CVE-2025-64323 kgateway is missing xDS authorization

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3CVSS6.4AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2025/11/06 4:16 p.m.5 views

CVE-2025-60235

Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce Premium support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce Premium: from n/a through = 2.0.7...

10CVSS0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-28047

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01094EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:17 a.m.4 views

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

6.1CVSS5.8AI score0.00413EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.8 views

CVE-2024-10884

The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2024/05/02 5:15 p.m.4 views

CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS5.8AI score0.00911EPSS
Exploits0References4
OSV
OSV
added 2024/04/17 12:0 a.m.6 views

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

6.1CVSS5.7AI score0.00413EPSS
Exploits1References3
CNVD
CNVD
added 2019/07/25 12:0 a.m.4 views

MetadataExtractor Stack Overflow Vulnerability

MetadataExtractor is a .NET library for extracting metadata such as Exif, IPT, XMP and ICC from image and video files. A security vulnerability exists in MetadataExtractor version 2.1.0. An attacker can exploit this vulnerability to cause a denial of service stack consumption...

7.8CVSS6.7AI score0.01546EPSS
Exploits0References1
Rows per page
Query Builder