Lucene search
K

199 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-37302

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-42905

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00501EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43996

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00382EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32775

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00517EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-48345

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-59252

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6251

Malicious code in bioql PyPI...

6.4CVSS9.2AI score0.00253EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-16813

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00555EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-22048

Malicious code in bioql PyPI...

3.7CVSS6.3AI score0.00321EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53968

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00197EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/04 9:43 p.m.4 views

WordPress BitFire plugin <= 4.5 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions = 4.5...

5.3CVSS6.7AI score0.00296EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/27 12:0 a.m.5 views

PT-2025-30994 · WordPress · Memory Usage

Name of the Vulnerable Software and Affected Versions: Memory Usage plugin for WordPress versions prior to 3.99 Description: The Memory Usage plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validation in the wpmemory install plugin function. This allows...

4.3CVSS6.3AI score0.00176EPSS
Exploits0References7
NVD
NVD
added 2025/07/24 10:15 a.m.4 views

CVE-2025-6382

The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render method takes the user-supplied name attribute and injects it directly into a tag - both in the id attribute...

6.4CVSS0.0037EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/24 9:22 a.m.21 views

CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...

8.8CVSS0.00568EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.12 views

PT-2025-30228 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.5 through 6.8.2 Description: WordPress versions 3.5 through 6.8.2 are susceptible to a flaw that allows remote attackers to determine the titles of private and draft posts through pingback.ping XML-RPC requests...

3.7CVSS6.3AI score0.00321EPSS
Exploits1References13
Debian CVE
Debian CVE
added 2025/07/21 12:0 a.m.12 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

3.7CVSS5.4AI score0.00321EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/07/18 10:4 a.m.9 views

CVE-2025-7035

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mlatagcloud and mlatermlist shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/18 5:23 a.m.5 views

CVE-2025-6719 Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting

The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.9AI score0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/16 11:28 a.m.2 views

CVE-2025-24779 WordPress Yogi theme <= 2.9.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0...

8.8CVSS6.5AI score0.00462EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/12 9:24 a.m.6 views

CVE-2020-36847 Simple File List < 4.2.3 - Remote Code Execution

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the...

9.8CVSS8.3AI score0.12633EPSS
Exploits5References5
Rows per page
Query Builder