Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4059

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

6.4CVSS5.7AI score0.00296EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 9:17 p.m.12 views

DEBIAN-CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

7.5CVSS5.5AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 8:13 p.m.26 views

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS0.00514EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:13 p.m.3 views

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.9AI score0.00514EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/20 8:13 p.m.6 views

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/20 8:13 p.m.8 views

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.9 views

CVE-2025-68837

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from...

6.5CVSS5.5AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 4:16 p.m.6 views

AZL-75281 CVE-2025-68160 affecting package openssl for versions less than 3.3.5-3

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

4.7CVSS6.4AI score0.00152EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:13 p.m.7 views

CVE-2025-59566

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Workreap theme's plugin workreap allows Path Traversal.This issue affects Workreap theme's plugin: from n/a through = 3.3.5...

7.7CVSS6.9AI score0.00394EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34199

Name of the Vulnerable Software and Affected Versions: WP Webhooks plugin for WordPress versions up to and including 3.3.5 Description: The WP Webhooks plugin for WordPress is susceptible to arbitrary file copy due to insufficient validation of user-supplied input. This allows unauthenticated...

9.8CVSS6AI score0.00534EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.8 views

CVE-2023-38388

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5...

9.8CVSS7.4AI score0.01374EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.5 views

WordPress plugin Content Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS8.1AI score0.00284EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.5 views

PT-2024-27382 · Dropshipping Guru · Ali2Woo Lite

Name of the Vulnerable Software and Affected Versions: Dropshipping Guru Ali2Woo Lite versions n/a through 3.3.5 Description: The issue is related to a Missing Authorization vulnerability, which involves exploiting incorrectly configured access control security levels. It also includes a Stored X...

6.5CVSS6AI score0.0025EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.7 views

livewire security breach

Livewire is a full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A security vulnerability exists in livewire version 3.3.5 and versions prior to 3.4.9 that stems from vulnerability to cross-site scripting XSS attacks, which allows an attacker to...

6.1CVSS5.8AI score0.00516EPSS
Exploits1References6
Rows per page
Query Builder