Lucene search
K

205 matches found

Cvelist
Cvelist
added 2025/08/13 6:39 a.m.7 views

CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...

8.8CVSS0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.4 views

WordPress plugin Tutor LMS Pro SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

8.8CVSS7.6AI score0.00326EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/31 2:5 p.m.3 views

Deserialization of Untrusted Data

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.load function. An attacker can execute arbitrary commands by uploading a maliciously crafted adapter model file tha...

7.5CVSS7.7AI score
Exploits0References3
Snyk
Snyk
added 2025/07/31 2:2 p.m.5 views

Deserialization of Untrusted Data

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...

9.8CVSS7.8AI score0.02494EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.5 views

Bolt CMS 安全漏洞

Bolt CMS is a PHP-based open source content management system from Bolt CMS Open Source. A security vulnerability exists in Bolt CMS 3.7.0 and prior versions that originates from allowing an authenticated user to inject arbitrary PHP code into the displayname field, which could lead to remote cod...

8.8CVSS7.5AI score0.02148EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 8:59 a.m.7 views

CVE-2024-47393

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohamed Magdy Quill Forms quillforms allows Stored XSS.This issue affects Quill Forms: from n/a through = 3.7.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:20 a.m.11 views

CVE-2022-46255

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite...

9.8CVSS7.8AI score0.01449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.8 views

CVE-2021-21296

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the...

4CVSS7AI score0.01941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.8 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score0.01315EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

WordPress plugin Cost of Goods for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.1AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2025/04/28 4:15 p.m.15 views

CVE-2025-46614

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...

3.3CVSS0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.5 views

PT-2025-18087 · Snowflake · Snowflake Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Snowflake ODBC Driver versions prior to 3.7.0 Description: The issue concerns the logging of sensitive information. In certain code paths, the whole SQL query was logged at the INFO level. This could potentially lead to the exposure of...

3.3CVSS7AI score0.0013EPSS
Exploits0References6
OSV
OSV
added 2025/04/16 6:16 p.m.7 views

AZL-60523 CVE-2025-22872 affecting package sriov-network-device-plugin for versions less than 3.7.0-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.3 views

WordPress plugin MinimogWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.8AI score0.0071EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/18 9:49 p.m.3 views

WordPress MinimogWP theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion vulnerability

Unauthenticated Local PHP File Inclusion vulnerability discovered by Lucio Sá in WordPress Theme MinimogWP versions = 3.7.0...

9.8CVSS8.9AI score0.0071EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/08 5:15 p.m.4 views

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS7.2AI score
Exploits0References3
OSV
OSV
added 2025/01/08 5:15 p.m.3 views

DEBIAN-CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2025/01/02 5:15 p.m.5 views

CVE-2024-11716

While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...

5.3CVSS5.7AI score0.11659EPSS
Exploits0References6
OSV
OSV
added 2024/10/01 2:15 a.m.2 views

CVE-2024-9358

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is...

5.9CVSS5.9AI score
Exploits0References4
Patchstack
Patchstack
added 2024/09/30 11:12 a.m.4 views

WordPress Quill Forms plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Quill Forms versions = 3.7.0...

6.5CVSS6.1AI score0.00231EPSS
Exploits0Affected Software1
Rows per page
Query Builder