Lucene search
K

35 matches found

NVD
NVD
added yesterday8 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
OSV
OSV
added 2026/04/13 1:1 p.m.3 views

CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...

7.1CVSS5.9AI score0.00346EPSS
Exploits0References4
OSV
OSV
added 2026/03/08 2:2 p.m.5 views

CVE-2026-3739 suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

5.3CVSS6.2AI score0.00319EPSS
Exploits0References10
EUVD
EUVD
added 2026/03/02 7:17 p.m.14 views

EUVD-2026-9256

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

8.4CVSS5.8AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 10:24 p.m.5 views

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50806

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class name' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

6.4CVSS5AI score0.00157EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Markdownify MCP Server 安全漏洞

Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server version 0.0.2 and earlier, which stems from a server-side request forger...

7.5CVSS6.6AI score0.00459EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.14 views

CVE-2025-13857

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 10:15 p.m.8 views

CVE-2025-65900

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...

6.5CVSS0.00266EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/11/12 3:47 a.m.12 views

CVE-2025-12667

The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.4 views

EUVD-2025-60920

The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References4
CVE
CVE
added 2025/10/24 3:41 p.m.23 views

CVE-2025-62714

Karmada Dashboard had an API authentication bypass before v0.2.0. The backend endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster data (Secrets and Services) directly, even though the web UI required a JWT. A...

8.7CVSS6.4AI score0.00607EPSS
Exploits0References6
CVE
CVE
added 2025/10/22 2:32 p.m.8 views

CVE-2025-48093

CVE-2025-48093 affects the WordPress plugin Password only login (password-only-login), vulnerable in versions

7.1CVSS6AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 2025/10/08 7:15 p.m.4 views

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8CVSS0.04296EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

Desktop Commander MCP 安全漏洞

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from os command injection in the extractBaseCommand function of the src/command-manager.ts file in the Absolute Path...

9.8CVSS6.8AI score0.03542EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

WordPress plugin CF7 Submissions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.5AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.13 views

CVE-2025-9634 Plugin updates blocker <= 0.2 - Cross-Site Request Forgery

The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pubsave action handler. This makes it possible for unauthenticated attackers to disable or enable plug...

4.3CVSS0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.5 views

PT-2025-37152

The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub save action handler. This makes it possible for unauthenticated attackers to disable or enable...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References3
OSV
OSV
added 2025/08/29 3:15 p.m.6 views

AZL-66711 CVE-2025-54080 affecting package exiv2 0.28.3-1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

5.5CVSS5.7AI score0.00132EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/21 12:0 a.m.3 views

WordPress List Urls Plugin <= 0.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin List Urls versions = 0.2...

7.1CVSS6.1AI score0.00257EPSS
Exploits0Affected Software1
Rows per page
Query Builder