25 matches found

IBM Security Bulletins
added 2026/05/04 12:46 p.m., 8 views

Security Bulletin: Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6

Summary: Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...

6.3 CVSS, 5.7 AI score, 0.00556 EPSS
Exploits: 1, Affected Software: 1
RedhatCVE
added 2026/03/26 5:4 p.m., 5 views

CVE-2026-25359

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects Pendulum: from n/a through 3.1.5...

8.8 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/25 4:14 p.m., 11 views

CVE-2026-25359

CVE-2026-25359 describes a Deserialization of Untrusted Data vulnerability in the Pendulum theme for WordPress, allowing PHP Object Injection. Affected software: Pendulum from no public earliest version up to

8.8 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits: 0, References: 1
vulnersOsv
added 2026/02/21 3:31 a.m., 4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +29 more potentially affected by CVE-2025-65995 via apache-airflow (>=3.0.0rc4 <=3.1.5)

apache-airflow PYPI version =3.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.1, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2025-65995 Source advisory: OSV:GHSA-GFW7-2V73-69WG...

6.5 CVSS, 5.7 AI score, 0.00801 EPSS
Exploits: 0
CVE
added 2026/01/13 7:44 p.m., 23 views

CVE-2026-21287

CVE-2026-21287 affects Substance3D Stager

7.8 CVSS, 7.3 AI score, 0.0018 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2026/01/08 9:17 a.m., 17 views

CVE-2025-68887

CVE-2025-68887 refers to a Reflected XSS in the WP-BusinessDirectory (WordPress) plugin. The Wordfence Vulnerability Report lists WP-BusinessDirectory

7.1 CVSS, 5.9 AI score, 0.00194 EPSS
Exploits: 0, References: 1
Patchstack
added 2026/01/02 2:12 p.m., 6 views

WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Grand Blog versions 3.1.5...

5.4 CVSS, 5.3 AI score, 0.00168 EPSS
Exploits: 0, Affected Software: 1
CVE
added 2025/12/16 8:12 a.m., 6 views

CVE-2025-64237

CVE-2025-64237 is a CSRF vulnerability in the WordPress plugin Quick Interest Slider (versions up to 3.1.5). The issue allows cross-site request forgery in the affected plugin. Public sources (e.g., Patchstack/WordPress CVE notes) indicate upgrading to a newer release is recommended, but the exac...

4.3 CVSS, 6.5 AI score, 0.00104 EPSS
Exploits: 0, References: 1
OSV
added 2025/11/11 9:15 p.m., 6 views

CVE-2025-64531

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 6.3 AI score, 0.00175 EPSS
Exploits: 0, References: 1
NVD
added 2025/11/11 9:15 p.m., 4 views

CVE-2025-64531

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 0.00175 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/11/11 8:43 p.m., 4 views

CVE-2025-61835 Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.00193 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/11/11 8:43 p.m., 3 views

CVE-2025-64531 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.00175 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/11/11 8:43 p.m., 3 views

CVE-2025-61834 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 0.00201 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/11 8:43 p.m., 9 views

CVE-2025-61834

Adobe Substance3D Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability (CVE-2025-61834) that could allow arbitrary code execution in the context of the current user and requires the victim to open a malicious file. The connected Nessus advisory APSB25-113 references ad...

7.8 CVSS, 7.3 AI score, 0.00201 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/11/11 8:43 p.m., 3 views

CVE-2025-61834 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.00201 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/11/11 12:0 a.m., 3 views

PT-2025-46548

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.5 and earlier. Description: A Use After Free issue exists in Substance3D - Stager. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User interaction is...

7.8 CVSS, 7.3 AI score, 0.00175 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-28109

Malicious code in bioql PyPI...

10 CVSS, 8.8 AI score, 0.00365 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:19 a.m., 10 views

CVE-2023-45637

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin = 3.1.5 versions...

7.1 CVSS, 5.9 AI score, 0.00437 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 12:54 a.m., 7 views

CVE-2022-47422

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin = 3.1.5 versions...

8.8 CVSS, 7 AI score, 0.0026 EPSS
Exploits: 0
CNNVD
added 2025/05/02 12:0 a.m., 5 views

WordPress plugin FULL – Cliente SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin...

6.5 CVSS, 7.7 AI score, 0.00317 EPSS
Exploits: 0, References: 4