Lucene search
K

117 matches found

Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.6 views

PT-2025-44936

Name of the Vulnerable Software and Affected Versions EM Beer Manager plugin for WordPress versions through 3.2.3 Description The EM Beer Manager plugin for WordPress is susceptible to arbitrary file upload, potentially leading to remote code execution. This is a result of inadequate file type...

8.8CVSS8.1AI score0.00582EPSS
Exploits0References8
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.8CVSS5.8AI score0.00643EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:25 p.m.25 views

CVE-2025-34298

Nagios Log Server (prior to 2024R1.3.2) contains a privilege escalation in the account email-change workflow. An attacker could set their own email to an invalid value, and due to insufficient validation and authorization checks tied to email identity state, trigger an inconsistent account state ...

8.8CVSS6.6AI score0.00643EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.5 views

PT-2025-44206

Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103 Description A crafted packet, based on public documentation, can be sent to the device. Normally, the device should reject packets with arbitrary or trivial data in certain fields. However, due to...

9.1CVSS6.7AI score0.00356EPSS
Exploits0References5
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

WordPress AP Background plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress AP Background plugin, which stems from a lack of authorization and insufficient file validation in the...

8.8CVSS8.2AI score0.00588EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54919

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2025/10/03 12:15 p.m.5 views

CVE-2025-9561

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...

8.8CVSS0.00588EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.4 views

PT-2025-38254

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly is a P2P-based file distribution and image acceleration system susceptible to a server-side request forgery SSRF vulnerability. This flaw allows users to force Dragonfly2’s components to...

9.9CVSS9AI score0.02829EPSS
Exploits11References45
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

WordPress plugin WP-Members Membership Plugin 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exist...

5CVSS7.4AI score0.00266EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/31 12:0 a.m.2 views

WordPress BetPress plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress BetPress plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming...

7.1CVSS6.8AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.5 views

CVE-2024-9648

The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/28 3:42 a.m.2 views

CVE-2024-9648 WP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload

The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...

6.1CVSS6.7AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2025/08/20 3:22 a.m.6 views

EUVD-2025-25255

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...

6.9CVSS6.2AI score0.20719EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/07/02 12:0 a.m.4 views

WordPress plugin Amazon Products to WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Amazon Products to WooCommerce plugin that stems from insufficient validation of the function wcta2wgeturls, which can be...

7.2CVSS7AI score0.00223EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-3515

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist...

9.8CVSS5.9AI score0.0509EPSS
Exploits2References1
CNVD
CNVD
added 2025/06/10 12:0 a.m.2 views

Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability

Traffic Offense Reporting System is a traffic violation reporting system. The Traffic Offense Reporting System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker cou...

8.8CVSS6.8AI score0.00263EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

SAP Learning Solution 跨站请求伪造漏洞

SAP Learning Solution is an enterprise-wide learning management system from SAP. SAP Learning Solution suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could explo...

4.6CVSS6.7AI score0.00118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/17 7:40 p.m.16 views

CVE-2024-42200

HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting XSS attack, due to a potentially weak validation of user input...

4.8CVSS5.7AI score0.00199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16376 · Hcl · Hcl Bigfix Web Reports

Name of the Vulnerable Software and Affected Versions: HCL BigFix Web Reports affected versions not specified Description: The issue is related to a potentially weak validation of user input, which might make HCL BigFix Web Reports subject to a Stored Cross-Site Scripting XSS attack...

4.8CVSS5.3AI score0.00199EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/04/04 12:0 a.m.10 views

The vulnerability of the modTMSM component in the Trend Micro Apex Central security monitoring and management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the modTMSM component in the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

7.8CVSS6.5AI score0.00299EPSS
Exploits0References2
Rows per page
Query Builder