Lucene search
+L

456 matches found

Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.11 views

PT-2025-49347

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00205EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.7 views

PT-2025-49045

Name of the Vulnerable Software and Affected Versions ComposioHQ version 0.7.20 Description A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...

7.5CVSS6.3AI score0.00822EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.5 views

MongoDB 7.0.x < 7.0.25 / 8.0.x < 8.0.15 / 8.2.x < 8.2.1 / 8.3.0-rc0 (SERVER-105873)

The version of MongoDB installed on the remote host is 7.0 prior to 7.0.25, 8.0 prior to 8.0.15, 8.2 prior to 8.2.1 and 8.3.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-105873 advisory. - An authorized user may crash the MongoDB server by causing buffer...

6.5CVSS7.3AI score0.00251EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.6 views

Fedora 42 : restic (2025-65fc438cba)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-65fc438cba advisory. Update to 0.18.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.5CVSS7AI score0.00626EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.7 views

Hello Video Codec 安全漏洞

Hello Video Codec is a video codec from Tempus Ex open source. A security vulnerability exists in Hello Video Codec version v0.1.0, which stems from improper validation of inputs to the BitstreamWriter::writebits function, which could lead to a denial of service attack...

6.5CVSS6.5AI score0.00321EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/26 9:31 p.m.8 views

EUVD-2025-199752

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

6.4AI score0.00317EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.10 views

PT-2025-48197

Name of the Vulnerable Software and Affected Versions XML-Sig versions 0.27 through 0.67 Description The Perl module XML-Sig does not correctly validate XML files when signatures are absent. An attacker can remove a signature from an XML document, causing the verification check to pass incorrectl...

9.3CVSS6.6AI score0.00146EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: cpp-httplib (TSSA-2025:0374)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0374 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7.2AI score0.00603EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/18 8:27 a.m.6 views

EUVD-2025-197943

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

4.3CVSS4.8AI score0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.4 views

CVE-2025-11859 Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' and 'text' parameters. This makes it possibl...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/10 10:20 p.m.6 views

WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions = 0.1...

6.4CVSS5.5AI score0.00176EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/07 3:54 p.m.6 views

CVE-2025-48078

Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...

7.1CVSS6.6AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 3:53 p.m.13 views

CVE-2025-48078 WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...

7.1CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:53 p.m.4 views

EUVD-2025-38023

Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...

6.1AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

WordPress plugin Backup and Move 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.6AI score0.00288EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/04 4:47 a.m.7 views

WordPress WP Global Screen Options plugin <= 0.2 - Cross-Site Request Forgery to Screen Options Update vulnerability

Cross-Site Request Forgery to Screen Options Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Global Screen Options versions = 0.2...

4.3CVSS7AI score0.00122EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.5 views

WordPress plugin WP Global Screen Options 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.5AI score0.00122EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 11:30 p.m.85 views

CVE-2025-52665

Summary (CVE-2025-52665): UniFi Access Application versions 3.3.22–3.4.31 expose a misconfigured management API that lacks proper authentication, allowing potential unauthorized access by actors on the management network. The vulnerability was introduced in 3.3.22 and fixed in 4.0.21 and later. R...

10CVSS6.4AI score0.40972EPSS
In wildExploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/28 8:53 p.m.4 views

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

3.8CVSS6.4AI score0.00116EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/28 2:38 a.m.5 views

CVE-2025-62986

Cross-Site Request Forgery CSRF vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through = 0.6...

7.1CVSS6.6AI score0.00103EPSS
Exploits0References1
Rows per page
Query Builder