35 matches found

NVD
added 2026/06/17 1:20 p.m. | 7 views

CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5 CVSS | 0.00238 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2026/05/22 2:19 a.m. | 10 views

SUSE CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

4.5 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/23 12:0 a.m. | 10 views

OpenSource-WorkShop Connect-CMS code injection vulnerability

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...

8.8 CVSS | 6 AI score | 0.00463 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/03/13 9:31 p.m. | 6 views

EUVD-2026-11835

Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery. This issue affects Embed PDF Viewer: from n/a through <= 2.4.7...

5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 2
CVE
added 2026/02/10 3:38 p.m. | 14 views

CVE-2026-1774

CASL Ability (versions 2.4.0–6.7.4) contains a prototype pollution vulnerability likely via the extra/rulesToFields path handling, allowing manipulation of Object.prototype. Affected components include the setByPath logic within the prototype pollution surface; impact can range from DoS to potent...

9.8 CVSS | 5.4 AI score | 0.00624 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-4221

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Triply triply allows PHP Local File Inclusion. This issue affects Triply: from n/a through <= 2.4.7...

5.5 AI score | 0.0037 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/19 7:33 a.m. | 3 views

CVE-2025-58899

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Frame frame allows PHP Local File Inclusion. This issue affects Frame: from n/a through <= 2.4.0...

8.1 CVSS | 7.1 AI score | 0.00415 EPSS
Exploits: 0 | References: 1
CVE
added 2025/12/05 10:46 a.m. | 433 views

CVE-2025-65082

CVE-2025-65082 affects Apache HTTP Server 2.4.0–2.4.65, due to improper neutralization of Escape, Meta, or Control sequences in environment variables set via Apache config, which can supersede server-calculated CGI variables. The issue, identified across multiple advisories (Debian DLA-4452-1, AL...

6.5 CVSS | 6.5 AI score | 0.00758 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2025/11/20 10:18 p.m. | 8 views

WordPress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO versions <= 2.4.7...

4.3 CVSS | 5.4 AI score | 0.00197 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/11/06 12:0 a.m. | 3 views

PT-2025-45277

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion. This issue affects WooCommerce Store Toolkit: from n/a through <= 2.4.3...

7.5 CVSS | 7.1 AI score | 0.0037 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/09/27 8:44 a.m. | 4 views

CVE-2025-60101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS. This issue affects Woostify: from n/a through <= 2.4.2...

5.9 CVSS | 5.9 AI score | 0.0021 EPSS
Exploits: 0 | References: 1
Patchstack
added 2025/09/22 7:37 p.m. | 4 views

WordPress GutenKit Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin GutenKit versions <= 2.4.2...

6.5 CVSS | 6 AI score | 0.0025 EPSS
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/07/23 12:0 a.m. | 4 views

GNU C Library security vulnerability

The GNU C Library is an open source, free C language compiler from the GNU community released under the LGPL license. A security vulnerability exists in GNU C Library versions 2.4 through 2.41, which stems from a double release in the regcomp function on certain allocation failures, which may...

5.9 CVSS | 6.9 AI score | 0.00158 EPSS
Exploits: 0 | References: 3
OSV
added 2025/07/18 8:15 a.m. | 2 views

CVE-2024-32124

An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request...

4.3 CVSS | 5.8 AI score | 0.00318 EPSS
Exploits: 0 | References: 1
Patchstack
added 2025/03/24 1:27 p.m. | 2 views

WordPress WP Ride Booking plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Ride Booking versions <= 2.4...

4.3 CVSS | 6.8 AI score | 0.00197 EPSS
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/02/28 12:0 a.m. | 4 views

WordPress plugin wpForo Forum input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

6.5 CVSS | 8.3 AI score | 0.00346 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/01/09 12:0 a.m. | 3 views

YunzMall security vulnerability

YunzMall is an e-commerce solution from the Chinese company YunzMall. A security vulnerability exists in YunzMall 2.4.2 and earlier versions, which stems from a manipulation of the parameter pwd that can lead to weakened password recovery...

6.9 CVSS | 5.5 AI score | 0.00523 EPSS
Exploits: 0 | References: 4
Patchstack
added 2024/12/11 10:40 p.m. | 5 views

WordPress Vimeography plugin <= 2.4.4 - Full Path Disclosure (FPD) vulnerability

Full Path Disclosure FPD vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Plugin Vimeography versions <= 2.4.4...

5.3 CVSS | 7 AI score | 0.00553 EPSS
Exploits: 0 | Affected Software: 1
CNNVD
added 2024/10/04 12:0 a.m. | 2 views

WordPress plugin Code Embed cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4 CVSS | 6.1 AI score | 0.00242 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/01/18 12:0 a.m. | 4 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...

5.4 CVSS | 6.8 AI score | 0.0051 EPSS
Exploits: 0 | References: 4