Lucene search
+L

230 matches found

RedhatCVE
RedhatCVE
added 2025/05/09 3:24 p.m.16 views

CVE-2025-47659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

6.5CVSS7.2AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:16 p.m.30 views

CVE-2025-47659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

6.5CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/07 2:20 p.m.9 views

CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1...

6.5CVSS6.4AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 2:20 p.m.53 views

CVE-2025-47659

CVE-2025-47659 corresponds to a stored XSS in WPBakery Visual Composer WHMCS Elements due to improper input neutralization during web page generation. Affected product: WPBakery Visual Composer WHMCS Elements, versions up to 1.0.4.1 (per CVE description). Base metrics indicate a Medium severity (...

6.5CVSS7.2AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:20 p.m.33 views

CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements plugin <= 1.0.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

6.5CVSS0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.4 views

WordPress plugin WPBakery Visual Composer WHMCS Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.7AI score0.00174EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/29 12:0 a.m.14 views

SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload

SAP NetWeaver Visual Composer Metadata Uploader is affected by an improper authorization vulnerability allowing an unauthenticated attacker to upload arbitrary files allowing to achieve a Remote Code Execution. No source data...

10CVSS8AI score0.99406EPSS
Exploits18References2
GithubExploit
GithubExploit
added 2025/04/28 1:19 p.m.370 views

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

SAP-CVE-2025-31324 POC A tool to detect and exploit a critica...

10CVSS9.8AI score0.99406EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
added 2025/04/28 11:57 a.m.29 views

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

10CVSS9.5AI score0.99406EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
added 2025/04/28 11:57 a.m.8 views

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

10CVSS9.1AI score0.99406EPSS
Exploits18
GithubExploit
GithubExploit
added 2025/04/27 4:40 p.m.354 views

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

Vulnerability and Indicator of Compromise IoC Scanner for CV...

10CVSS9.7AI score0.99406EPSS
Exploits18
VulnCheck KEV
VulnCheck KEV
added 2025/04/27 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content...

9.1CVSS5.8AI score0.12522EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:34 p.m.10 views

CVE-2025-46254

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...

6.5CVSS7.2AI score0.00194EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/25 12:0 a.m.22 views

SAP Netweaver Visual Composer Detection

Binary data sapnetweavervisualcomposerdetect.nbin...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/25 12:0 a.m.7 views

The vulnerability of the MetadataUploader function in the Visual Composer tool of the SAP NetWeaver software integration platform allows a hacker to execute arbitrary code.

The vulnerability of the MetadataUploader function in the Visual Composer software integration platform of SAP NetWeaver lies in the ability to upload executable files without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially...

10CVSS8.3AI score0.99406EPSS
Exploits18References7
Tenable Nessus
Tenable Nessus
added 2025/04/25 12:0 a.m.32 views

SAP NetWeaver Visual Composer Metadata Uploader Improper Authorization (CVE-2025-31324) (Direct Check)

Binary data sapnetweaverCVE-2025-31324.nbin...

10CVSS7.3AI score0.99406EPSS
Exploits18References4
OSV
OSV
added 2025/04/24 5:15 p.m.2 views

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

9.8CVSS7.4AI score0.99406EPSS
Exploits18References6
Cvelist
Cvelist
added 2025/04/24 4:50 p.m.134 views

CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10CVSS0.99406EPSS
Exploits18References2
Vulnrichment
Vulnrichment
added 2025/04/24 4:50 p.m.22 views

CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10CVSS7.2AI score0.99406EPSS
Exploits18References2
CVE
CVE
added 2025/04/24 4:50 p.m.805 views

CVE-2025-31324

CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...

10CVSS7AI score0.99406EPSS
In wildExploits18References6Affected Software1
Rows per page
Query Builder