Lucene search
K

281 matches found

CNNVD
CNNVD
added 2025/12/18 12:0 a.m.6 views

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.9.1 of dify, which stems from a misconfiguration of CORS and could lead to cross-domain authentication requests...

9.1CVSS6.8AI score0.00212EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/18 12:0 a.m.27 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

0.00212EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/13 6:30 p.m.7 views

EUVD-2025-203224

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...

8.1CVSS6.6AI score0.00542EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.6 views

WordPress plugin Extensive VC Addons for WPBakery page builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.1AI score0.00542EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202098

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through = 1.9.1...

6.5AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-67548

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through = 1.9.1...

6.5CVSS0.00237EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.8 views

CVE-2025-67548

CVE-2025-67548 affects the WordPress plugin WP Delicious (delicious-recipes) versions

6.5CVSS6.6AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49922

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through = 1.9.1...

6.5CVSS7AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2025/12/04 9:31 p.m.4 views

GHSA-4F99-4Q7P-P3GH Logrus is vulnerable to DoS when using Entry.Writer()

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

8.7CVSS6.6AI score0.00585EPSS
Exploits1References11
OSV
OSV
added 2025/12/04 7:16 p.m.5 views

AZL-71626 CVE-2025-65637 affecting package local-path-provisioner for versions less than 0.0.21-20

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/02 7:43 p.m.4 views

Use of Hard-coded Cryptographic Key

Overview arcade-mcp-server is a Model Context Protocol MCP server framework for Arcade.dev Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal...

6.9CVSS6.9AI score0.00281EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 5:32 p.m.5 views

CVE-2025-53586

Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through = 1.9.1...

8.8CVSS7AI score0.00421EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:15 p.m.5 views

CVE-2025-53586

Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through = 1.9.1...

8.8CVSS0.00421EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:54 p.m.5 views

EUVD-2025-37989

Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through = 1.9.1...

6.5AI score0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/06 3:54 p.m.3 views

CVE-2025-53585 WordPress WeMusic theme <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme WeMusic noo-wemusic allows Reflected XSS.This issue affects WeMusic: from n/a through = 1.9.1...

7.1CVSS6AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:54 p.m.6 views

CVE-2025-53585

The CVE-2025-53585 entry concerns the WordPress WeMusic theme (noo-wemusic) with versions up to and including 1.9.1, which is vulnerable to Reflected XSS caused by improper neutralization of input during web page generation. The affected component is the WeMusic theme for WordPress; root cause is...

7.1CVSS6AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.4 views

PT-2025-45231

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme WeMusic noo-wemusic allows Reflected XSS.This issue affects WeMusic: from n/a through = 1.9.1...

7.1CVSS6.4AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45232

Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through = 1.9.1...

7AI score0.00421EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

WordPress plugin WeMusic 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.8CVSS6.9AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

WordPress plugin WeMusic 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder