Lucene search
K

17 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.13 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/05 3:37 a.m.9 views

CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.8 views

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +572 more potentially affected by CVE-2026-33671 via picomatch (>=1.2.0 <=2.3.1)

picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20459

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

6.5CVSS5.6AI score0.00288EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/23 12:0 a.m.5 views

PT-2025-34508 · WordPress · Wc Plus

Name of the Vulnerable Software and Affected Versions: WC Plus plugin for WordPress versions up to and including 1.2.0 Description: The WC Plus plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the pluswc logo favicon logo base API...

5.3CVSS6.7AI score0.00224EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.4 views

PT-2025-34374 · Dpanel · Dpanel

Name of the Vulnerable Software and Affected Versions: dpanel versions 1.2.0 through 1.7.2 Description: dpanel is a server management panel written in Go. Versions of the software allow authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint...

6.1CVSS6.6AI score0.00434EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 5:58 a.m.3 views

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...

7.5CVSS6.9AI score0.01182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.6 views

PT-2024-26352 · Unknown · Hidden Depth Sticky Banner

Name of the Vulnerable Software and Affected Versions: Hidden Depth Sticky banner versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can...

5.9CVSS6.6AI score0.00446EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-25229

Name of the Vulnerable Software and Affected Versions kubevirt versions 1.2.0 and earlier Description The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This can be done by sending a crafted command to the /kubevirt.io/kubevirt API...

5.9CVSS6.7AI score0.00324EPSS
Exploits0References29
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.82 views

NuProcess 安全漏洞

NuProcess is a low-overhead, non-blocking I/O, external process implementation of Java from Brett Wooldridge's personal developer. NuProcess 1.2.0 and later, and versions prior to 2.0.5, are vulnerable to command injection, which stems from the failure of a network system or product to properly...

9.8CVSS9.3AI score0.01177EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.7 views

PT-2022-24180 · WordPress · Export Post Info

Name of the Vulnerable Software and Affected Versions: Export Post Info plugin versions 1.2.0 and earlier Description: The issue is related to an Authenticated CSV Injection vulnerability. This vulnerability affects the Export Post Info plugin at WordPress, where an authenticated user with author...

6.2CVSS5.4AI score0.00617EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/05/14 1:6 a.m.5 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2019-1003010 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.1)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-1003010 Source advisory: OSV:GHSA-R8RW-XX57-M64Q...

4.3CVSS6.5AI score0.01145EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/06 12:0 a.m.7 views

PT-2021-10906 · Union Pay · Union Pay

Name of the Vulnerable Software and Affected Versions: Union Pay versions up to 1.2.0 Description: The issue allows attackers to shop for free in merchants' websites and mobile apps via a crafted authentication code MAC generated based on a secret key which is NULL. This is due to an improper...

7.5CVSS7.7AI score0.00924EPSS
Exploits0References6
CNVD
CNVD
added 2020/09/17 12:0 a.m.4 views

CloudBees Jenkins OpenShift Deployer Plugin Has Unspecified Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.OpenShift Deployer Plugin is used in one of the...

5.3CVSS6.7AI score0.00614EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2018/11/21 10:19 p.m.6 views

ae.teletronics.nlp:entityextraction (=1.3), au.gov.amsa.risky:spark (>=0.5.2 <=0.5.9) +269 more potentially affected by CVE-2018-17190 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=1.6.3)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.5.2, =1.0.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =1.6.0, =1.0, =1.0.1, =1.0.0, =0.8.0, =0.8.2 and more Source cves: CVE-2018-17190 Source advisory: OSV:GHSA-PHG2-9C5G-M4Q7...

9.8CVSS7.2AI score0.08721EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/18 4:57 p.m.9 views

org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.examples:springWebapp (>=1.2.0 <=1.2.2) +3 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (>=1.2.0 <=1.2.2)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...

9.8CVSS7.2AI score0.03986EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2017/02/27 12:0 a.m.4 views

PT-2017-16779

Name of the Vulnerable Software and Affected Versions rubyzip gem versions prior to 1.2.1 Description The Zip::File component in the rubyzip gem has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname...

9.8CVSS6.7AI score0.04499EPSS
Exploits1References29
Rows per page
Query Builder