Lucene search
K

196 matches found

Vulnrichment
Vulnrichment
added 2025/09/03 6:58 a.m.3 views

CVE-2025-58210 WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through = 1.8.5...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2025/09/03 6:58 a.m.19 views

CVE-2025-58210

CVE-2025-58210 describes a Missing Authorization issue in the ThemeMove Makeaholic WordPress theme. The vulnerability affects Makeaholic versions up to and including 1.8.5, stemming from incorrectly configured access control that allows unauthorized access. Multiple connected sources corroborate ...

9.8CVSS5.9AI score0.00237EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.3 views

CVE-2025-54716

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through = 1.8.5...

8.1CVSS5.9AI score0.00393EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft...

7.5CVSS7.1AI score0.02579EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/28 12:37 p.m.9 views

CVE-2025-54716 WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through = 1.8.5...

8.1CVSS0.00393EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35070

Name of the Vulnerable Software and Affected Versions: ovatheme Ireca versions through 1.8.5 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations...

8.1CVSS6.4AI score0.00393EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/08/27 4:14 p.m.12 views

WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ireca versions = 1.8.5...

8.1CVSS7AI score0.00393EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/08/27 12:0 a.m.8 views

WordPress Makeaholic Theme <= 1.8.5 is vulnerable to Broken Access Control

Software Makeaholic Type Theme Vulnerable versions = 1.8.5 Fixed in 1.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de9323d56155 Credits Tran Nguyen Bao Khanh VCI - VNPT...

5.3CVSS6.5AI score0.00237EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.7 views

CVE-2024-48249

Wavelog 1.8.5 allows Gridmapmodel.php getbandconfirmed SQL injection via band, sat, propagation, or mode...

7.3CVSS8.1AI score0.00416EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.4 views

CVE-2024-34426

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5...

5.9CVSS5.2AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.4 views

CVE-2024-48251

Wavelog 1.8.5 allows Activatedgridmapmodel.php getbandconfirmed SQL injection via band, sat, propagation, or mode...

9.8CVSS5.9AI score0.00533EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:35 a.m.4 views

CVE-2023-35875

Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5...

5.3CVSS8.5AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.11 views

CVE-2023-46617

Cross-Site Request Forgery CSRF vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5...

8.8CVSS8.5AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:45 p.m.8 views

CVE-2022-47155

Cross-Site Request Forgery CSRF vulnerability in Supsystic Slider by Supsystic plugin = 1.8.5 versions...

8.8CVSS7.1AI score0.00276EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.2 views

CVE-2020-21049

An invalid read in the stbimage.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service DOS via a crafted PSD file...

6.5CVSS6.5AI score0.01382EPSS
Exploits1
OSV
OSV
added 2025/05/19 3:15 p.m.4 views

CVE-2025-48256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes Import Social Events allows Stored XSS. This issue affects Import Social Events: from n/a through 1.8.5...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 2:44 p.m.17 views

CVE-2025-48256 WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes Import Social Events import-facebook-events allows Stored XSS.This issue affects Import Social Events: from n/a through = 1.8.5...

6.5CVSS0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

WordPress plugin Import Social Events 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.00216EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/03/14 2:57 a.m.3 views

SUSE CVE-2025-25196

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...

9.8CVSS7AI score0.00401EPSS
Exploits0References2
OSV
OSV
added 2025/03/01 5:15 a.m.3 views

CVE-2024-13568

The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References2
Rows per page
Query Builder