Lucene search
+L

360 matches found

cnnvd
cnnvd
added 2025/11/09 12:0 a.m.6 views

EverShop 安全漏洞

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop 2.0.1 and earlier versions, which stems from improper control of the resource identifier of the parameter uuid in the file /src/modules/oms/graphql/types/Order/Order.resolvers.js, which...

6.3CVSS4.7AI score0.00453EPSS
Exploits1References6
cnnvd
cnnvd
added 2025/10/28 12:0 a.m.5 views

IBM Concert Software 安全漏洞

IBM Concert Software is a generative AI-driven automated application management and monitoring tool based on the watsonx platform from IBM. An information disclosure vulnerability exists in IBM Concert Software that stems from not properly clearing sensitive information before freeing heap memory...

6.2CVSS6AI score0.00114EPSS
Exploits0References2
euvd
euvd
added 2025/10/27 3:30 a.m.9 views

EUVD-2025-35993

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Konstantin Pankratov Date counter date-counter allows Stored XSS.This issue affects Date counter: from n/a through = 2.0.3...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References2
cve
cve
added 2025/10/27 1:34 a.m.17 views

CVE-2025-62956

CVE-2025-62956 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Reloadly Reloadly-topup-widget (Reloadly plugin) that allows Stored XSS. Public descriptions indicate this affects Reloadly versions from n/a through <= 2.0.1. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S...

7.1CVSS6.3AI score0.00124EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/10/27 12:0 a.m.7 views

WordPress plugin Reloadly 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site...

7.1CVSS6AI score0.00124EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/24 8:23 a.m.11 views

CVE-2025-12072 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

4.3CVSS0.00122EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/10/24 12:0 a.m.6 views

PT-2025-43670

Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0 Description The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...

8.3CVSS6.6AI score0.00417EPSS
Exploits1References9
euvd
euvd
added 2025/10/22 3:31 p.m.8 views

EUVD-2025-35418

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

5.3CVSS6.5AI score0.00186EPSS
Exploits0References2
nvd
nvd
added 2025/10/21 4:15 p.m.7 views

CVE-2025-22166

This High severity DoS Denial of Service vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

8.3CVSS0.00459EPSS
Exploits0References2
patchstack
patchstack
added 2025/10/15 12:45 a.m.8 views

WordPress Rich Snippet Site Report plugin <= 2.0.0105 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by johska in WordPress Theme Rich Snippet Site Report versions = 2.0.0105...

4.9CVSS8AI score0.00333EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2025/10/15 12:0 a.m.5 views

mailgen 跨站脚本漏洞

mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.31 and earlier, which stems from the generatePlaintext method not properly filtering HTML tags when processing user-generated content, which could lead to...

6.3CVSS5.7AI score0.00418EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/10/11 10:31 a.m.6 views

CVE-2025-52634

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0...

3.7CVSS6.9AI score0.00223EPSS
Exploits0References1
euvd
euvd
added 2025/10/06 5:2 p.m.5 views

EUVD-2025-32568

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

7.5CVSS6AI score0.00488EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-29676

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00578EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31254

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00445EPSS
Exploits0References2
cvelist
cvelist
added 2025/09/30 3:35 a.m.10 views

CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.00361EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/09/30 12:0 a.m.6 views

IBM Planning Analytics Local 安全漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13, which stems from improper input validation and could result in...

4.9CVSS4.4AI score0.00281EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/27 12:51 a.m.8 views

CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

8.6CVSS6.5AI score0.00346EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/24 6:30 p.m.2 views

CVE-2025-57929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...

5.9CVSS5.9AI score0.00224EPSS
Exploits0References1
nvd
nvd
added 2025/09/22 7:15 p.m.3 views

CVE-2025-57929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...

5.9CVSS0.00224EPSS
Exploits0References1
Rows per page
Query Builder