Lookup for vulnerabilities affecting packages.

Vulnerability_id | Summary | Aliases | Fixed_packages | Affected_packages | References | Weaknesses | Exploits | Severity_range_score | Exploitability | Weighted_severity | Risk_score | Resource_url
VCID-1119-zsfd-kyfn
Startup control vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
0
alias CVE-2024-54121
0
reference_url https://consumer.huawei.com/en/support/bulletin/2025/1/
reference_id 1
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T14:27:23Z/
url https://consumer.huawei.com/en/support/bulletin/2025/1/
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
6.2 - 6.2 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1119-zsfd-kyfn
VCID-111c-smz9-z3h4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm snow-storm allows Reflected XSS. This issue affects Snow Storm: from n/a through <= 1.4.6.
0
alias CVE-2025-30858
0
reference_url https://patchstack.com/database/Wordpress/Plugin/snow-storm/vulnerability/wordpress-snow-storm-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_id wordpress-snow-storm-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:59:20Z/
url https://patchstack.com/database/Wordpress/Plugin/snow-storm/vulnerability/wordpress-snow-storm-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
7.1 - 7.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-111c-smz9-z3h4
VCID-111m-p3qu-m7b8
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of EMF files.
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22133.
0
alias CVE-2023-42106
0
reference_url https://www.tracker-software.com/support/security-bulletins.html
reference_id security-bulletins.html
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-06T20:59:22Z/
url https://www.tracker-software.com/support/security-bulletins.html
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-23-1486/
reference_id ZDI-23-1486
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-06T20:59:22Z/
url https://www.zerodayinitiative.com/advisories/ZDI-23-1486/
0
cwe_id 125
name Out-of-bounds Read
description The product reads data past the end, or before the beginning, of the intended buffer.
3.3 - 3.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-111m-p3qu-m7b8
VCID-111q-s7ju-mkd2 Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.
0
alias CVE-2023-25455
0
reference_url https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve
reference_id wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-09T14:57:32Z/
url https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
5.3 - 5.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-111q-s7ju-mkd2
VCID-111s-e4zr-sqfa IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
0
alias CVE-2024-45097
0
reference_url https://www.ibm.com/support/pages/node/7167255
reference_id 7167255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T15:46:12Z/
url https://www.ibm.com/support/pages/node/7167255
1
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*
0
cwe_id 650
name Trusting HTTP Permission Methods on the Server Side
description The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.
5.9 - 5.9 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-111s-e4zr-sqfa
VCID-111u-3akt-rbgp
0
alias CVE-2006-10002
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://github.com/cpan-authors/XML-Parser/commit/56b0509dfc6b559cd7555ea81ee62e3622069255.patch
reference_id 56b0509dfc6b559cd7555ea81ee62e3622069255.patch
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:11:03Z/
url https://github.com/cpan-authors/XML-Parser/commit/56b0509dfc6b559cd7555ea81ee62e3622069255.patch
2
reference_url https://github.com/cpan-authors/XML-Parser/issues/64
reference_id 64
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:11:03Z/
url https://github.com/cpan-authors/XML-Parser/issues/64
3
reference_url https://metacpan.org/release/TODDR/XML-Parser-2.46/changes
reference_id changes
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:11:03Z/
url https://metacpan.org/release/TODDR/XML-Parser-2.46/changes
4
reference_url https://rt.cpan.org/Ticket/Display.html?id=19859
reference_id Display.html?id=19859
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:11:03Z/
url https://rt.cpan.org/Ticket/Display.html?id=19859
0
cwe_id 122
name Heap-based Buffer Overflow
description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
1
cwe_id 176
name Improper Handling of Unicode Encoding
description The product does not properly handle when an input contains Unicode encoding.
8.6 - 9.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-111u-3akt-rbgp
VCID-1122-2zmj-qkhp In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
0
alias CVE-2025-26448
0
reference_url https://source.android.com/security/bulletin/2025-06-01
reference_id 2025-06-01
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T16:10:05Z/
url https://source.android.com/security/bulletin/2025-06-01
1
reference_url https://android.googlesource.com/platform/frameworks/base/+/3c1515f4d1942f2453554315a576ed874703f78b
reference_id 3c1515f4d1942f2453554315a576ed874703f78b
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T16:10:05Z/
url https://android.googlesource.com/platform/frameworks/base/+/3c1515f4d1942f2453554315a576ed874703f78b
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1122-2zmj-qkhp
VCID-1124-tn9j-43bz Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.
0
alias CVE-2022-2898
0
reference_url https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06
reference_id icsa-22-235-06
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:50:09Z/
url https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06
0
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
6.1 - 6.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1124-tn9j-43bz
VCID-112d-m5sx-bygr WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter. This vulnerability is fixed in 3.4.3.
0
alias CVE-2025-53525
0
reference_url https://github.com/LabRedesCefetRJ/WeGIA/commit/45695edc5ff7689f14efcfddb37e0323df34e184
reference_id 45695edc5ff7689f14efcfddb37e0323df34e184
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T20:46:59Z/
url https://github.com/LabRedesCefetRJ/WeGIA/commit/45695edc5ff7689f14efcfddb37e0323df34e184
1
reference_url https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-982x-v58q-6qpj
reference_id GHSA-982x-v58q-6qpj
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T20:46:59Z/
url https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-982x-v58q-6qpj
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2.0 - 2.0 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-112d-m5sx-bygr
VCID-112g-rdw7-tfg8 A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
0
alias CVE-2025-2624
0
reference_url https://github.com/IceFoxH/VULN/issues/11
reference_id 11
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:55:38Z/
url https://github.com/IceFoxH/VULN/issues/11
1
reference_url https://vuldb.com/?ctiid.300626
reference_id ?ctiid.300626
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:55:38Z/
url https://vuldb.com/?ctiid.300626
2
reference_url https://vuldb.com/?id.300626
reference_id ?id.300626
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:55:38Z/
url https://vuldb.com/?id.300626
3
reference_url https://vuldb.com/?submit.519295
reference_id ?submit.519295
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:55:38Z/
url https://vuldb.com/?submit.519295
0
cwe_id 74
name Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
1
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
5.3 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-112g-rdw7-tfg8
VCID-112m-dg9r-bben InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
0
alias CVE-2025-24452
0
reference_url https://helpx.adobe.com/security/products/indesign/apsb25-19.html
reference_id apsb25-19.html
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T04:01:08Z/
url https://helpx.adobe.com/security/products/indesign/apsb25-19.html
0
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
7.8 - 7.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-112m-dg9r-bben
VCID-112r-9ec6-gyf8 security update
0
alias CVE-2018-20151
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
null null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-112r-9ec6-gyf8
VCID-112w-wyk9-aycb
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.

As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)."

This is similar to CVE-2020-36829.
0
alias CVE-2024-13939
0
reference_url https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
reference_id ConstantTime.pm#TIMING-SIDE-CHANNEL
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T14:08:00Z/
url https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
0
cwe_id 208
name Observable Timing Discrepancy
description Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
7.5 - 7.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-112w-wyk9-aycb
VCID-112x-vy35-x7ec A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
0
alias CVE-2023-37134
0
reference_url https://github.com/weng-xianhu/eyoucms/issues/47
reference_id 47
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:10:40Z/
url https://github.com/weng-xianhu/eyoucms/issues/47
null null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-112x-vy35-x7ec
VCID-1131-ag8p-53hz
0
alias CVE-2019-9169
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5.1 - 5.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1131-ag8p-53hz
VCID-1137-u5g4-wuct Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
0
alias CVE-2024-33180
0
reference_url https://palm-vertebra-fe9.notion.site/saveParentControlInfo_1-7c9695d0251945ae8006db705b9b80ac
reference_id saveParentControlInfo_1-7c9695d0251945ae8006db705b9b80ac
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-17T15:04:05Z/
url https://palm-vertebra-fe9.notion.site/saveParentControlInfo_1-7c9695d0251945ae8006db705b9b80ac
9.8 - 9.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1137-u5g4-wuct
VCID-1138-dzvs-7qgj SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.
0
alias CVE-2022-34022
0
reference_url https://securityblog101.blogspot.com/2022/09/cve-id-cve-2022-34022.html
reference_id cve-id-cve-2022-34022.html
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-15T15:32:15Z/
url https://securityblog101.blogspot.com/2022/09/cve-id-cve-2022-34022.html
7.2 - 7.2 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1138-dzvs-7qgj
VCID-1139-j9cy-tkhh The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
0
alias CVE-2026-22188
0
reference_url https://seclists.org/fulldisclosure/2026/Jan/9
reference_id 9
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T21:23:03Z/
url https://seclists.org/fulldisclosure/2026/Jan/9
1
reference_url https://github.com/panda3d/panda3d
reference_id panda3d
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T21:23:03Z/
url https://github.com/panda3d/panda3d
2
reference_url https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca
reference_id panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T21:23:03Z/
url https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca
3
reference_url https://www.panda3d.org/
reference_id www.panda3d.org
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T21:23:03Z/
url https://www.panda3d.org/
0
cwe_id 457
name Use of Uninitialized Variable
description The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
1
cwe_id 789
name Memory Allocation with Excessive Size Value
description The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
6.9 - 6.9 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1139-j9cy-tkhh
VCID-113a-adne-1yca Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
0
alias CVE-2025-62585
0
reference_url https://cve.naver.com/detail/cve-2025-62585.html
reference_id cve-2025-62585.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:35:56Z/
url https://cve.naver.com/detail/cve-2025-62585.html
0
cwe_id 358
name Improperly Implemented Security Check for Standard
description The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
7.5 - 7.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-113a-adne-1yca
VCID-113b-9p9m-gugt Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal. This issue affects Popup by Supsystic: from n/a through 1.10.19.
0
alias CVE-2023-46197
0
reference_url https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-19-unauthenticated-subscriber-email-addresses-disclosure?_s_id=cve
reference_id wordpress-popup-by-supsystic-plugin-1-10-19-unauthenticated-subscriber-email-addresses-disclosure?_s_id=cve
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-22T17:20:18Z/
url https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-19-unauthenticated-subscriber-email-addresses-disclosure?_s_id=cve
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
5.3 - 5.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-113b-9p9m-gugt
VCID-113p-ef39-byff A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
0
alias CVE-2025-12333
0
reference_url https://figshare.com/s/b35b6f6f6a10d8fdc131?file=58703836
reference_id b35b6f6f6a10d8fdc131?file=58703836
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:49:13Z/
url https://figshare.com/s/b35b6f6f6a10d8fdc131?file=58703836
1
reference_url https://code-projects.org/
reference_id code-projects.org
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:49:13Z/
url https://code-projects.org/
2
reference_url https://vuldb.com/?ctiid.330120
reference_id ?ctiid.330120
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:49:13Z/
url https://vuldb.com/?ctiid.330120
3
reference_url https://vuldb.com/?id.330120
reference_id ?id.330120
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:49:13Z/
url https://vuldb.com/?id.330120
4
reference_url https://vuldb.com/?submit.674483
reference_id ?submit.674483
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:49:13Z/
url https://vuldb.com/?submit.674483
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
4.3 - 5.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-113p-ef39-byff
VCID-113s-fxh5-ufes The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.
0
alias CVE-2024-1371
0
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/79e786ce-a3eb-40df-8dad-4c9c75243bec?source=cve
reference_id 79e786ce-a3eb-40df-8dad-4c9c75243bec?source=cve
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-30T13:38:50Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/79e786ce-a3eb-40df-8dad-4c9c75243bec?source=cve
1
reference_url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3075667%40leadconnector&new=3075667%40leadconnector&sfp_email=&sfph_mail=
reference_id changeset?sfp_email=&sfph_mail=&reponame=&old=3075667%40leadconnector&new=3075667%40leadconnector&sfp_email=&sfph_mail=
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-30T13:38:50Z/
url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3075667%40leadconnector&new=3075667%40leadconnector&sfp_email=&sfph_mail=
2
reference_url https://plugins.trac.wordpress.org/browser/leadconnector/trunk/admin/class-lc-admin.php#L519
reference_id class-lc-admin.php#L519
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-30T13:38:50Z/
url https://plugins.trac.wordpress.org/browser/leadconnector/trunk/admin/class-lc-admin.php#L519
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
6.5 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-113s-fxh5-ufes
VCID-113w-3rzk-3qh6 The WordPress连接微博 WordPress plugin through 2.5.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
0
alias CVE-2024-12282
0
reference_url https://wpscan.com/vulnerability/2d81f038-e2bb-4906-a954-78dc971ed793/
reference_id 2d81f038-e2bb-4906-a954-78dc971ed793
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T18:55:20Z/
url https://wpscan.com/vulnerability/2d81f038-e2bb-4906-a954-78dc971ed793/
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
6.1 - 6.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-113w-3rzk-3qh6
VCID-1141-k2hw-e7c8
0
alias CVE-2016-3711
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1.9 - 1.9 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1141-k2hw-e7c8
VCID-1148-psb9-zked Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
0
alias CVE-2022-48323
0
reference_url https://asec.ahnlab.com/en/47088/
reference_id 47088
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-21T14:41:52Z/
url https://asec.ahnlab.com/en/47088/
1
reference_url https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
reference_id CNVD-2022-03672
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-21T14:41:52Z/
url https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
2
reference_url https://github.com/projectdiscovery/nuclei-templates/blob/8500efb7c5c52261229bb87b3af8a6e4e5afc877/cnvd/2022/CNVD-2022-03672.yaml
reference_id CNVD-2022-03672.yaml
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-21T14:41:52Z/
url https://github.com/projectdiscovery/nuclei-templates/blob/8500efb7c5c52261229bb87b3af8a6e4e5afc877/cnvd/2022/CNVD-2022-03672.yaml
9.8 - 9.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1148-psb9-zked
VCID-114b-vdk2-nkdc Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString(). This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43.
0
alias CVE-2025-32071
0
reference_url https://gerrit.wikimedia.org/r/q/Iac1f1c27054bfd1a4a4251281ab8c72f59204a90
reference_id Iac1f1c27054bfd1a4a4251281ab8c72f59204a90
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-11T19:26:45Z/
url https://gerrit.wikimedia.org/r/q/Iac1f1c27054bfd1a4a4251281ab8c72f59204a90
1
reference_url https://phabricator.wikimedia.org/T389369
reference_id T389369
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-11T19:26:45Z/
url https://phabricator.wikimedia.org/T389369
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114b-vdk2-nkdc
VCID-114h-2ba8-qbhq Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
0
alias CVE-2024-51747
0
reference_url https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v
reference_id GHSA-78pf-vg56-5p8v
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-12T01:44:34Z/
url https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
1
cwe_id 27
name Path Traversal: 'dir/../../filename'
description The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal ../ sequences that can resolve to a location that is outside of that directory.
9.1 - 9.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114h-2ba8-qbhq
VCID-114k-bnuh-2ycm
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.

The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example,

  GET /path\r\nHTTP/1.1\r\nHost: secret.example.com

Note that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers.
0
alias CVE-2026-9658
0
reference_url https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes
reference_id changes
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-01T18:00:08Z/
url https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes
0
cwe_id 113
name Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
description The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
1
cwe_id 790
name Improper Filtering of Special Elements
description The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
7.3 - 7.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114k-bnuh-2ycm
VCID-114p-prgk-fybu security update
0
alias CVE-2004-2771
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
null null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114p-prgk-fybu
VCID-114x-aerq-u3e3 Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
0
alias CVE-2024-38049
0
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38049
reference_id CVE-2024-38049
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T17:15:10Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38049
0
cwe_id 73
name External Control of File Name or Path
description The product allows user input to control or influence paths or file names that are used in filesystem operations.
6.6 - 6.6 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114x-aerq-u3e3
VCID-114y-8qqv-z7bj Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
0
alias CVE-2020-2959
0
reference_url https://security.gentoo.org/glsa/202101-09
reference_id 202101-09
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:53:31Z/
url https://security.gentoo.org/glsa/202101-09
1
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id cpuapr2020.html
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:53:31Z/
url https://www.oracle.com/security-alerts/cpuapr2020.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html
reference_id msg00001.html
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:53:31Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html
8.6 - 8.6 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114y-8qqv-z7bj
VCID-114z-bvr1-j3hk Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.
0
alias CVE-2026-29041
0
reference_url https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4pc3-4w2v-vwx8
reference_id GHSA-4pc3-4w2v-vwx8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T15:58:24Z/
url https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4pc3-4w2v-vwx8
1
reference_url https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34
reference_id v1.11.34
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T15:58:24Z/
url https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34
0
cwe_id 434
name Unrestricted Upload of File with Dangerous Type
description The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
8.8 - 8.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-114z-bvr1-j3hk
VCID-115d-mav7-rqb6 Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
0
alias CVE-2022-39406
0
reference_url https://www.oracle.com/security-alerts/cpuoct2022.html
reference_id cpuoct2022.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T15:25:20Z/
url https://www.oracle.com/security-alerts/cpuoct2022.html
8.1 - 8.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-115d-mav7-rqb6
VCID-115t-wzvc-8ua4 PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.
0
alias CVE-2024-22636
0
reference_url https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt
reference_id PluXml.txt
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T17:21:27Z/
url https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt
8.8 - 8.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-115t-wzvc-8ua4
VCID-116e-3ab2-tqcs The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.
0
alias CVE-2024-1984
0
reference_url https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=221417%40graphene%2F2.9.3&old=164915%40graphene%2F2.9
reference_id changeset?sfp_email=&sfph_mail=&reponame=&new=221417%40graphene%2F2.9.3&old=164915%40graphene%2F2.9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:44:32Z/
url https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=221417%40graphene%2F2.9.3&old=164915%40graphene%2F2.9
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f19051-fe80-469c-a514-ec3a848a4015?source=cve
reference_id e2f19051-fe80-469c-a514-ec3a848a4015?source=cve
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:44:32Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f19051-fe80-469c-a514-ec3a848a4015?source=cve
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
5.3 - 5.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-116e-3ab2-tqcs
VCID-116e-r5eg-kfft A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647.
0
alias CVE-2018-25072
0
reference_url https://github.com/lojban/jbovlaste/commit/6ff44c2e87b1113eb07d76ea62e1f64193b04d15
reference_id 6ff44c2e87b1113eb07d76ea62e1f64193b04d15
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T16:55:28Z/
url https://github.com/lojban/jbovlaste/commit/6ff44c2e87b1113eb07d76ea62e1f64193b04d15
1
reference_url https://vuldb.com/?ctiid.217647
reference_id ?ctiid.217647
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T16:55:28Z/
url https://vuldb.com/?ctiid.217647
2
reference_url https://vuldb.com/?id.217647
reference_id ?id.217647
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T16:55:28Z/
url https://vuldb.com/?id.217647
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
6.3 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-116e-r5eg-kfft
VCID-1174-ejez-93bd Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in launch-page-importer LaunchPage.app Importer allows SQL Injection. This issue affects LaunchPage.app Importer: from n/a through 1.1.
0
alias CVE-2024-55977
0
reference_url https://patchstack.com/database/wordpress/plugin/launchpage-app-importer/vulnerability/wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve
reference_id wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-16T15:58:39Z/
url https://patchstack.com/database/wordpress/plugin/launchpage-app-importer/vulnerability/wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
9.3 - 9.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1174-ejez-93bd
VCID-1175-zd75-v3cy A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser to perform arbitrary actions with the privileges of the user on an affected system.
0
alias CVE-2018-15438
0
reference_url http://www.securitytracker.com/id/1041930
reference_id 1041930
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:27Z/
url http://www.securitytracker.com/id/1041930
1
reference_url http://www.securityfocus.com/bid/105670
reference_id 105670
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:27Z/
url http://www.securityfocus.com/bid/105670
2
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-cpca-csrf
reference_id cisco-sa-20181017-cpca-csrf
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:27Z/
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-cpca-csrf
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
6.5 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1175-zd75-v3cy
VCID-1177-q53u-q3ea The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including, 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to change the location of back-ups and potentially steal sensitive information from them.
0
alias CVE-2020-36667
0
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/59532447-1d74-4d34-85f5-d89b65a001d8
reference_id 59532447-1d74-4d34-85f5-d89b65a001d8
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T16:25:30Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/59532447-1d74-4d34-85f5-d89b65a001d8
1
reference_url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=
reference_id changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T16:25:30Z/
url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1177-q53u-q3ea
VCID-1179-d7qy-nugf HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.
0
alias CVE-2025-30093
0
reference_url https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html
reference_id HTCONDOR-2025-0001.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:18:26Z/
url https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html
8.1 - 8.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1179-d7qy-nugf
VCID-117d-th12-uue7
0
alias CVE-2022-50785
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-117d-th12-uue7
VCID-117w-mjkp-fbbc Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS. This issue affects Custom Layouts – Post + Product grids made easy: from n/a through 1.4.11.
0
alias CVE-2024-43305
0
reference_url https://patchstack.com/database/vulnerability/custom-layouts/wordpress-custom-layouts-post-product-grids-made-easy-plugin-1-4-11-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_id wordpress-custom-layouts-post-product-grids-made-easy-plugin-1-4-11-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:40:42Z/
url https://patchstack.com/database/vulnerability/custom-layouts/wordpress-custom-layouts-post-product-grids-made-easy-plugin-1-4-11-cross-site-scripting-xss-vulnerability?_s_id=cve
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
6.5 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-117w-mjkp-fbbc
VCID-1185-76tr-cbd2 Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).
0
alias CVE-2020-2568
0
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id cpujan2020.html
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:05:17Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
3.9 - 3.9 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1185-76tr-cbd2
VCID-1188-a9u3-bkaj
0
alias CVE-2020-25719
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7.2 - 7.2 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1188-a9u3-bkaj
VCID-1188-bpbf-3ffq Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
0
alias CVE-2024-52852
0
reference_url https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html
reference_id apsb24-69.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T17:02:22Z/
url https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1188-bpbf-3ffq
VCID-118e-nr1u-8qbh music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header Extension Object has `objectSize = 0`. Version 11.12.3 fixes the issue.
0
alias CVE-2026-32256
0
reference_url https://github.com/Borewit/music-metadata/security/advisories/GHSA-v6c2-xwv6-8xf7
reference_id GHSA-v6c2-xwv6-8xf7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:04Z/
url https://github.com/Borewit/music-metadata/security/advisories/GHSA-v6c2-xwv6-8xf7
1
reference_url https://github.com/Borewit/music-metadata/releases/tag/v11.12.3
reference_id v11.12.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:04Z/
url https://github.com/Borewit/music-metadata/releases/tag/v11.12.3
0
cwe_id 835
name Loop with Unreachable Exit Condition ('Infinite Loop')
description The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
7.5 - 7.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-118e-nr1u-8qbh
VCID-118g-q47d-b7hs
0
alias CVE-2016-6987
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6.8 - 6.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-118g-q47d-b7hs
VCID-118m-qe1t-2bch IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0
alias CVE-2024-43184
0
reference_url https://www.ibm.com/support/pages/node/7244013
reference_id 7244013
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T17:39:37Z/
url https://www.ibm.com/support/pages/node/7244013
1
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
6.1 - 6.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-118m-qe1t-2bch
VCID-118u-8mtx-fqcr Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
0
alias CVE-2025-21054
0
reference_url https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10
reference_id securityUpdate.smsb?year=2025&month=10
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T17:54:09Z/
url https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10
0
cwe_id 125
name Out-of-bounds Read
description The product reads data past the end, or before the beginning, of the intended buffer.
4.0 - 4.0 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-118u-8mtx-fqcr
VCID-1191-6yfr-jfan KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.
0
alias CVE-2026-34940
0
reference_url https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr
reference_id GHSA-324q-cwx9-7crr
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:45:38Z/
url https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
8.7 - 8.7 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1191-6yfr-jfan
VCID-1194-q73v-43d6 Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files to the publicly accessible media directory, then request the file over HTTP to achieve full server compromise.
0
alias CVE-2026-6249
0
reference_url https://github.com/givanz/Vvveb/commit/23ac0e8c758d80f3c4d9224763c8b2359648270e
reference_id 23ac0e8c758d80f3c4d9224763c8b2359648270e
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:43:08Z/
url https://github.com/givanz/Vvveb/commit/23ac0e8c758d80f3c4d9224763c8b2359648270e
1
reference_url https://www.vulncheck.com/advisories/vvveb-cms-remote-code-execution-via-media-upload
reference_id vvveb-cms-remote-code-execution-via-media-upload
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:43:08Z/
url https://www.vulncheck.com/advisories/vvveb-cms-remote-code-execution-via-media-upload
0
cwe_id 434
name Unrestricted Upload of File with Dangerous Type
description The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
8.7 - 8.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1194-q73v-43d6
VCID-1196-ugpe-6bda Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1.
0
alias CVE-2026-2349
0
reference_url https://www.drupal.org/sa-contrib-2026-010
reference_id sa-contrib-2026-010
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:03:26Z/
url https://www.drupal.org/sa-contrib-2026-010
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
6.1 - 6.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1196-ugpe-6bda
VCID-1197-wp1d-yff2
Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
0
alias CVE-2026-47313
0
reference_url https://github.com/Samsung/escargot/pull/1565
reference_id 1565
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T13:17:37Z/
url https://github.com/Samsung/escargot/pull/1565
0
cwe_id 789
name Memory Allocation with Excessive Size Value
description The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1197-wp1d-yff2
VCID-1198-xdhs-e7gy The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
0
alias CVE-2025-32898
0
reference_url https://kde.org/info/security/advisory-20250418-3.txt
reference_id advisory-20250418-3.txt
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T14:40:10Z/
url https://kde.org/info/security/advisory-20250418-3.txt
1
reference_url https://kdeconnect.kde.org
reference_id kdeconnect.kde.org
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T14:40:10Z/
url https://kdeconnect.kde.org
0
cwe_id 331
name Insufficient Entropy
description The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
4.7 - 4.7 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-1198-xdhs-e7gy
VCID-119j-rb2m-2fcc A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
0
alias CVE-2026-8217
0
reference_url https://vuldb.com/vuln/362434
reference_id 362434
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:07:26Z/
url https://vuldb.com/vuln/362434
1
reference_url https://gist.github.com/0xb1lal/6ccc2356e7e0a26f7b8a6bd6f0d84bbb
reference_id 6ccc2356e7e0a26f7b8a6bd6f0d84bbb
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:07:26Z/
url https://gist.github.com/0xb1lal/6ccc2356e7e0a26f7b8a6bd6f0d84bbb
2
reference_url https://vuldb.com/submit/808262
reference_id 808262
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:07:26Z/
url https://vuldb.com/submit/808262
3
reference_url https://vuldb.com/vuln/362434/cti
reference_id cti
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:07:26Z/
url https://vuldb.com/vuln/362434/cti
0
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
1
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5.3 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-119j-rb2m-2fcc
VCID-119z-9e1s-h7b4 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
0
alias CVE-2014-1666
0
reference_url https://xenbits.xen.org/xsa/advisory-87.html
reference_id XSA-87
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-87.html
null null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-119z-9e1s-h7b4
VCID-11ah-4pmq-aydc The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to delete surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
alias CVE-2025-13140
0
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/5d96ea1b-1763-4a54-bd67-ac29175e9e01?source=cve
reference_id 5d96ea1b-1763-4a54-bd67-ac29175e9e01?source=cve
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:13:17Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/5d96ea1b-1763-4a54-bd67-ac29175e9e01?source=cve
1
reference_url https://plugins.trac.wordpress.org/changeset/3403869/surveyjs/trunk/ajax_handlers/delete_survey.php
reference_id delete_survey.php
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:13:17Z/
url https://plugins.trac.wordpress.org/changeset/3403869/surveyjs/trunk/ajax_handlers/delete_survey.php
2
reference_url https://plugins.trac.wordpress.org/browser/surveyjs/tags/1.12.20/ajax_handlers/delete_survey.php#L12
reference_id delete_survey.php#L12
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:13:17Z/
url https://plugins.trac.wordpress.org/browser/surveyjs/tags/1.12.20/ajax_handlers/delete_survey.php#L12
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
4.3 - 4.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ah-4pmq-aydc
VCID-11ah-ukzq-k7ch CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the public web root. This issue has been patched in version 0.31.5.0.
0
alias CVE-2026-41202
0
reference_url https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0
reference_id 0.31.5.0
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T12:39:58Z/
url https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0
1
reference_url https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-xp9f-pvvc-57p4
reference_id GHSA-xp9f-pvvc-57p4
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T12:39:58Z/
url https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-xp9f-pvvc-57p4
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9.4 - 9.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ah-ukzq-k7ch
VCID-11ak-2y1r-u3gj A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
0
alias CVE-2024-4547
0
reference_url https://www.tenable.com/security/research/tra-2024-13
reference_id tra-2024-13
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T18:33:49Z/
url https://www.tenable.com/security/research/tra-2024-13
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
9.8 - 9.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ak-2y1r-u3gj
VCID-11av-7weg-p3h7 python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.
0
alias CVE-2022-39227
0
reference_url https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
reference_id 88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T20:53:18Z/
url https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
1
reference_url https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt
reference_id authentication-bypass-in-python-jwt
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T20:53:18Z/
url https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt
2
reference_url https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp
reference_id GHSA-5p8v-58qm-c7fp
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T20:53:18Z/
url https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp
3
reference_url https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml
reference_id PYSEC-2022-259.yaml
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T20:53:18Z/
url https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml
0
cwe_id 290
name Authentication Bypass by Spoofing
description This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
9.1 - 9.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11av-7weg-p3h7
VCID-11b2-u52g-wygu In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-229258234. References: N/A
0
alias CVE-2022-20569
0
reference_url https://source.android.com/security/bulletin/pixel/2022-12-01
reference_id 2022-12-01
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T12:58:04Z/
url https://source.android.com/security/bulletin/pixel/2022-12-01
6.7 - 6.7 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11b2-u52g-wygu
VCID-11b7-tme1-kqa7 OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if the request results in an unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured back-end/collector endpoint is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned by the response. This vulnerability is fixed in 1.15.2.
0
alias CVE-2026-40182
0
reference_url https://github.com/open-telemetry/opentelemetry-dotnet/pull/6564
reference_id 6564
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:38:48Z/
url https://github.com/open-telemetry/opentelemetry-dotnet/pull/6564
1
reference_url https://github.com/open-telemetry/opentelemetry-dotnet/pull/7017
reference_id 7017
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:38:48Z/
url https://github.com/open-telemetry/opentelemetry-dotnet/pull/7017
2
reference_url https://github.com/open-telemetry/opentelemetry-proto/pull/781
reference_id 781
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:38:48Z/
url https://github.com/open-telemetry/opentelemetry-proto/pull/781
3
reference_url https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-q834-8qmm-v933
reference_id GHSA-q834-8qmm-v933
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:38:48Z/
url https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-q834-8qmm-v933
0
cwe_id 789
name Memory Allocation with Excessive Size Value
description The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
5.3 - 5.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11b7-tme1-kqa7
VCID-11bc-dk1h-3beu Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
0
alias CVE-2025-59793
0
reference_url https://www.rcesecurity.com/advisories/cve-2025-59793/
reference_id cve-2025-59793
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-21T21:22:56Z/
url https://www.rcesecurity.com/advisories/cve-2025-59793/
1
reference_url https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise
reference_id rocket-trufusion-enterprise
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-21T21:22:56Z/
url https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise
2
reference_url https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion
reference_id trufusion
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-21T21:22:56Z/
url https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion
3
reference_url https://www.rcesecurity.com
reference_id www.rcesecurity.com
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-21T21:22:56Z/
url https://www.rcesecurity.com
9.4 - 9.9 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11bc-dk1h-3beu
VCID-11be-jq1h-wydp The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afi_overview' function and missing file type validation in the 'upload_icons' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
alias CVE-2024-6309
0
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve
reference_id 7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-29T18:09:59Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve
1
reference_url https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L130
reference_id attachment-file-icons.php#L130
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-29T18:09:59Z/
url https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L130
2
reference_url https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L337
reference_id attachment-file-icons.php#L337
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-29T18:09:59Z/
url https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L337
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
8.8 - 8.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11be-jq1h-wydp
VCID-11bm-gmth-jkat The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
0
alias CVE-2022-32828
0
reference_url https://support.apple.com/en-us/HT213342
reference_id HT213342
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:28:19Z/
url https://support.apple.com/en-us/HT213342
1
reference_url https://support.apple.com/en-us/HT213345
reference_id HT213345
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:28:19Z/
url https://support.apple.com/en-us/HT213345
2
reference_url https://support.apple.com/en-us/HT213346
reference_id HT213346
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:28:19Z/
url https://support.apple.com/en-us/HT213346
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11bm-gmth-jkat
VCID-11bv-t9g3-yfam A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
0
alias CVE-2022-26136
0
reference_url https://jira.atlassian.com/browse/BAM-21795
reference_id BAM-21795
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/BAM-21795
1
reference_url https://jira.atlassian.com/browse/BSERV-13370
reference_id BSERV-13370
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/BSERV-13370
2
reference_url https://jira.atlassian.com/browse/CONFSERVER-79476
reference_id CONFSERVER-79476
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/CONFSERVER-79476
3
reference_url https://jira.atlassian.com/browse/CRUC-8541
reference_id CRUC-8541
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/CRUC-8541
4
reference_url https://jira.atlassian.com/browse/CWD-5815
reference_id CWD-5815
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/CWD-5815
5
reference_url https://jira.atlassian.com/browse/FE-7410
reference_id FE-7410
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/FE-7410
6
reference_url https://jira.atlassian.com/browse/JRASERVER-73897
reference_id JRASERVER-73897
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/JRASERVER-73897
7
reference_url https://jira.atlassian.com/browse/JSDSERVER-11863
reference_id JSDSERVER-11863
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T15:26:49Z/
url https://jira.atlassian.com/browse/JSDSERVER-11863
0
cwe_id 180
name Incorrect Behavior Order: Validate Before Canonicalize
description The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.
9.8 - 9.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11bv-t9g3-yfam
VCID-11c1-25tp-vueq Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
0
alias CVE-2023-29318
0
reference_url https://helpx.adobe.com/security/products/indesign/apsb23-38.html
reference_id apsb23-38.html
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:35:13Z/
url https://helpx.adobe.com/security/products/indesign/apsb23-38.html
0
cwe_id 125
name Out-of-bounds Read
description The product reads data past the end, or before the beginning, of the intended buffer.
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11c1-25tp-vueq
VCID-11c3-mxha-67ey An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.
0
alias CVE-2025-67818
0
reference_url https://github.com/weaviate/weaviate
reference_id weaviate
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T19:15:23Z/
url https://github.com/weaviate/weaviate
1
reference_url https://weaviate.io/blog/weaviate-security-release-november-2025
reference_id weaviate-security-release-november-2025
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-12T19:15:23Z/
url https://weaviate.io/blog/weaviate-security-release-november-2025
7.2 - 7.2 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11c3-mxha-67ey
VCID-11c6-evch-byb8 Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. This vulnerability is fixed in 3.39.0.
0
alias CVE-2026-48153
0
reference_url https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq
reference_id GHSA-4q6h-8p4v-67vq
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T18:02:24Z/
url https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq
0
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
8.5 - 8.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11c6-evch-byb8
VCID-11ca-vzzj-wkhp Memory corruption while processing the update SIM PB records request.
0
alias CVE-2024-33031
0
reference_url https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
reference_id november-2024-bulletin.html
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-04T11:14:14Z/
url https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
6.7 - 6.7 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ca-vzzj-wkhp
VCID-11cb-jmte-1ycr
0
alias CVE-2017-7776
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
18
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5.8 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11cb-jmte-1ycr
VCID-11cc-8y2h-5bbs
0
alias CVE-2024-35964
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://git.kernel.org/stable/c/0c4a89f4690478969729c7ba5f69d53d8516aa12
reference_id 0c4a89f4690478969729c7ba5f69d53d8516aa12
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:40:26Z/
url https://git.kernel.org/stable/c/0c4a89f4690478969729c7ba5f69d53d8516aa12
2
reference_url https://git.kernel.org/stable/c/6a6baa1ee7a9df33adbf932305053520b9741b35
reference_id 6a6baa1ee7a9df33adbf932305053520b9741b35
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:40:26Z/
url https://git.kernel.org/stable/c/6a6baa1ee7a9df33adbf932305053520b9741b35
3
reference_url https://git.kernel.org/stable/c/9e8742cdfc4b0e65266bb4a901a19462bda9285e
reference_id 9e8742cdfc4b0e65266bb4a901a19462bda9285e
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:40:26Z/
url https://git.kernel.org/stable/c/9e8742cdfc4b0e65266bb4a901a19462bda9285e
4
reference_url https://git.kernel.org/stable/c/cec736e60dc18d91b88af28d96664bff284b02d1
reference_id cec736e60dc18d91b88af28d96664bff284b02d1
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:40:26Z/
url https://git.kernel.org/stable/c/cec736e60dc18d91b88af28d96664bff284b02d1
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11cc-8y2h-5bbs
VCID-11cc-bmbb-7yd6 The Pray For Me WordPress plugin through 1.0.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
0
alias CVE-2024-3965
0
reference_url https://wpscan.com/vulnerability/0e1ba2b3-5849-42f6-b503-8b3b520e4a79/
reference_id 0e1ba2b3-5849-42f6-b503-8b3b520e4a79
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T13:42:39Z/
url https://wpscan.com/vulnerability/0e1ba2b3-5849-42f6-b503-8b3b520e4a79/
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11cc-bmbb-7yd6
VCID-11cd-jk4d-5kb4 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
0
alias CVE-2026-30571
0
reference_url https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewCategory-limit.md
reference_id XSS-ViewCategory-limit.md
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T16:06:26Z/
url https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewCategory-limit.md
6.1 - 6.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11cd-jk4d-5kb4
VCID-11cm-rqzj-byej In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.
0
alias CVE-2025-20681
0
reference_url https://corp.mediatek.com/product-security-bulletin/July-2025
reference_id July-2025
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-08T13:59:04Z/
url https://corp.mediatek.com/product-security-bulletin/July-2025
0
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
9.8 - 9.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11cm-rqzj-byej
VCID-11cu-5697-73ht The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.
0
alias CVE-2026-1779
0
reference_url https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246
reference_id AJAX.php#L246
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T14:36:20Z/
url https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve
reference_id d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T14:36:20Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve
0
cwe_id 288
name Authentication Bypass Using an Alternate Path or Channel
description A product requires authentication, but the product has an alternate path or channel that does not require authentication.
8.1 - 8.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11cu-5697-73ht
VCID-11d2-ydqh-wyau The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
0
alias CVE-2023-39732
0
reference_url https://liff.line.me/1657574837-elb6bNQj
reference_id 1657574837-elb6bNQj
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:32:29Z/
url https://liff.line.me/1657574837-elb6bNQj
1
reference_url https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md
reference_id CVE-2023-39732.md
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:32:29Z/
url https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md
null null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11d2-ydqh-wyau
VCID-11d3-dw2q-hyhe Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
0
alias CVE-2025-39240
0
reference_url https://www.hikvision.com/en/support/cybersecurity/security-advisory/remote-command-execution-vulnerability-in-some-hikvision-wireless-access-point/
reference_id remote-command-execution-vulnerability-in-some-hikvision-wireless-access-point
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:15:35Z/
url https://www.hikvision.com/en/support/cybersecurity/security-advisory/remote-command-execution-vulnerability-in-some-hikvision-wireless-access-point/
7.2 - 7.2 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11d3-dw2q-hyhe
VCID-11d5-bpfm-zkdy CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process.
0
alias CVE-2025-0813
0
reference_url https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-02.pdf
reference_id files?p_Doc_Ref=SEVD-2025-070-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-02.pdf
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:57:54Z/
url https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-02.pdf
0
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
6.8 - 7.0 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11d5-bpfm-zkdy
VCID-11d7-cvv8-hua2 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.
0
alias CVE-2023-20010
0
reference_url https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
reference_id cisco-sa-cucm-sql-rpPczR8n
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T21:01:19Z/
url https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
8.1 - 8.1 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11d7-cvv8-hua2
VCID-11dg-npz9-nkdc Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion. This issue affects KuteShop: from n/a through <= 4.2.9.
0
alias CVE-2026-39611
0
reference_url https://patchstack.com/database/Wordpress/Theme/kuteshop/vulnerability/wordpress-kuteshop-theme-4-2-9-local-file-inclusion-vulnerability?_s_id=cve
reference_id wordpress-kuteshop-theme-4-2-9-local-file-inclusion-vulnerability?_s_id=cve
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T16:27:01Z/
url https://patchstack.com/database/Wordpress/Theme/kuteshop/vulnerability/wordpress-kuteshop-theme-4-2-9-local-file-inclusion-vulnerability?_s_id=cve
0
cwe_id 98
name Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
description The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in require, include, or similar functions.
7.5 - 7.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11dg-npz9-nkdc
VCID-11e1-rxud-6ugz The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
0
alias CVE-2022-2936
0
reference_url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2669411%40image-hover-effects-ultimate&new=2669411%40image-hover-effects-ultimate&sfp_email=&sfph_mail=
reference_id changeset?sfp_email=&sfph_mail=&reponame=&old=2669411%40image-hover-effects-ultimate&new=2669411%40image-hover-effects-ultimate&sfp_email=&sfph_mail=
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:47:39Z/
url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2669411%40image-hover-effects-ultimate&new=2669411%40image-hover-effects-ultimate&sfp_email=&sfph_mail=
1
reference_url https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2936
reference_id #CVE-2022-2936
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:47:39Z/
url https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2936
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
6.4 - 6.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11e1-rxud-6ugz
VCID-11ea-v2ns-tqfb OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, internal permission checks in BasePermission are skipped and tenant scoping is disabled. This allows attackers to access project data belonging to other tenants, read sensitive User fields via nested relations, leak plaintext resetPasswordToken, and reset the victim’s password and fully take over the account. This results in cross‑tenant data exposure and full account takeover. This vulnerability is fixed in 10.0.21.
0
alias CVE-2026-30956
0
reference_url https://github.com/OneUptime/oneuptime/releases/tag/10.0.21
reference_id 10.0.21
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T18:25:16Z/
url https://github.com/OneUptime/oneuptime/releases/tag/10.0.21
1
reference_url https://github.com/OneUptime/oneuptime/security/advisories/GHSA-r5v6-2599-9g3m
reference_id GHSA-r5v6-2599-9g3m
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T18:25:16Z/
url https://github.com/OneUptime/oneuptime/security/advisories/GHSA-r5v6-2599-9g3m
0
cwe_id 285
name Improper Authorization
description The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
10.0 - 10.0 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ea-v2ns-tqfb
VCID-11eg-2ma1-s3g5 A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
0
alias CVE-2025-10760
0
reference_url https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md
reference_id 58ead8e7e08bfb019.md
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T14:10:08Z/
url https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md
1
reference_url https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md#poc
reference_id 58ead8e7e08bfb019.md#poc
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T14:10:08Z/
url https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md#poc
2
reference_url https://vuldb.com/?ctiid.325115
reference_id ?ctiid.325115
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T14:10:08Z/
url https://vuldb.com/?ctiid.325115
3
reference_url https://vuldb.com/?id.325115
reference_id ?id.325115
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T14:10:08Z/
url https://vuldb.com/?id.325115
4
reference_url https://vuldb.com/?submit.646843
reference_id ?submit.646843
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-22T14:10:08Z/
url https://vuldb.com/?submit.646843
0
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
5.3 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11eg-2ma1-s3g5
VCID-11ej-efxr-a7bg
0
alias CVE-2024-38632
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376
reference_id 0bd22a4966d55f1d2c127a53300d5c2b50152376
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:02Z/
url https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376
2
reference_url https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140
reference_id 35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:02Z/
url https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140
3
reference_url https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2
reference_id 82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:02Z/
url https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2
4
reference_url https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079
reference_id 91ced077db2062604ec270b1046f8337e9090079
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:02Z/
url https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079
5
reference_url https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594
reference_id a6d810554d7d9d07041f14c5fcd453f3d3fed594
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:02Z/
url https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ej-efxr-a7bg
VCID-11ey-529e-1bb8
0
alias CVE-2024-47176
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
reference_id Attacking-UNIX-systems-via-CUPS-Part-I
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
2
reference_url https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992
reference_id cups-browsed.c#L13992
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992
3
reference_url https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
reference_id GHSA-7xfx-47qg-grp6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
4
reference_url https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
reference_id GHSA-p9rh-jxmq-gq47
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
5
reference_url https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
reference_id GHSA-rj88-6mr5-rcw8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
6
reference_url https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
reference_id GHSA-w63j-6g73-wmg5
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
7
reference_url https://www.cups.org
reference_id www.cups.org
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:10:15Z/
url https://www.cups.org
0
cwe_id 1327
name Binding to an Unrestricted IP Address
description The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
5.3 - 7.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ey-529e-1bb8
VCID-11f7-csrn-8qca Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
0
alias CVE-2024-39929
0
reference_url https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b
reference_id 1b3209b0577a9327ebb076f3b32b8a159c253f7b
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/
url https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b
1
reference_url https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357
reference_id 6ce5c70cff8989418e05d01fd2a57703007a6357
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/
url https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357
2
reference_url https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3
reference_id exim-4.98-RC2...exim-4.98-RC3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/
url https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3
3
reference_url https://www.rfc-editor.org/rfc/rfc2231.txt
reference_id rfc2231.txt
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/
url https://www.rfc-editor.org/rfc/rfc2231.txt
4
reference_url https://bugs.exim.org/show_bug.cgi?id=3099#c4
reference_id show_bug.cgi?id=3099#c4
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/
url https://bugs.exim.org/show_bug.cgi?id=3099#c4
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11f7-csrn-8qca
VCID-11f9-gupy-a3aj Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Manager). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Virtual Directory accessible data as well as unauthorized read access to a subset of Oracle Virtual Directory accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Virtual Directory. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
0
alias CVE-2018-3253
0
reference_url http://www.securityfocus.com/bid/105653
reference_id 105653
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url http://www.securityfocus.com/bid/105653
1
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id cpuoct2018-4428296.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
null null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11f9-gupy-a3aj
VCID-11fa-418k-gqab The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint.
0
alias CVE-2023-30950
0
reference_url https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a
reference_id ?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:26:12Z/
url https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a
0
cwe_id 290
name Authentication Bypass by Spoofing
description This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
6.5 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11fa-418k-gqab
VCID-11ff-hc3r-cbbm A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
0
alias CVE-2026-2197
0
reference_url https://github.com/tiancesec/CVE/issues/18
reference_id 18
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:47:55Z/
url https://github.com/tiancesec/CVE/issues/18
1
reference_url https://code-projects.org/
reference_id code-projects.org
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:47:55Z/
url https://code-projects.org/
2
reference_url https://vuldb.com/?ctiid.344900
reference_id ?ctiid.344900
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:47:55Z/
url https://vuldb.com/?ctiid.344900
3
reference_url https://vuldb.com/?id.344900
reference_id ?id.344900
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:47:55Z/
url https://vuldb.com/?id.344900
4
reference_url https://vuldb.com/?submit.750012
reference_id ?submit.750012
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:47:55Z/
url https://vuldb.com/?submit.750012
0
cwe_id 74
name Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
1
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
6.9 - 7.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ff-hc3r-cbbm
VCID-11ff-v1es-73au The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint in all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.
0
alias CVE-2024-13752
0
reference_url https://plugins.trac.wordpress.org/changeset/3239348/
reference_id 3239348
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T21:28:38Z/
url https://plugins.trac.wordpress.org/changeset/3239348/
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve
reference_id bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T21:28:38Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve
2
reference_url https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=
reference_id changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T21:28:38Z/
url https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=
3
reference_url https://wordpress.org/plugins/wedevs-project-manager/#developers
reference_id #developers
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T21:28:38Z/
url https://wordpress.org/plugins/wedevs-project-manager/#developers
4
reference_url https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php#L255
reference_id Upgrade_2_0.php#L255
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T21:28:38Z/
url https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php#L255
5
reference_url https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php#L151
reference_id Upgrade_2_3.php#L151
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T21:28:38Z/
url https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php#L151
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
6.5 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ff-v1es-73au
VCID-11fk-crfn-9qbn
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
0
alias CVE-2025-3872
0
reference_url https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55571-centreon-web-high-severity-4496
reference_id cve-2024-55571-centreon-web-high-severity-4496
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:43:54Z/
url https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55571-centreon-web-high-severity-4496
1
reference_url https://github.com/centreon/centreon/releases
reference_id releases
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:43:54Z/
url https://github.com/centreon/centreon/releases
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
7.2 - 7.2 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11fk-crfn-9qbn
VCID-11fm-a1bs-j3br The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk_save' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to update the last modified metadata and lock the modification date of arbitrary posts, including those created by Administrators via the 'post_ids' parameter.
0
alias CVE-2025-14608
0
reference_url https://plugins.trac.wordpress.org/changeset/3450167/
reference_id 3450167
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-17T15:03:12Z/
url https://plugins.trac.wordpress.org/changeset/3450167/
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/ca94c815-488f-4d86-a642-39d2de803763?source=cve
reference_id ca94c815-488f-4d86-a642-39d2de803763?source=cve
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-17T15:03:12Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/ca94c815-488f-4d86-a642-39d2de803763?source=cve
2
reference_url https://github.com/iamsayan/wp-last-modified-info/commit/cb3586897c11c3cd55dd63b7ae963243a027c0be
reference_id cb3586897c11c3cd55dd63b7ae963243a027c0be
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-17T15:03:12Z/
url https://github.com/iamsayan/wp-last-modified-info/commit/cb3586897c11c3cd55dd63b7ae963243a027c0be
3
reference_url https://plugins.trac.wordpress.org/browser/wp-last-modified-info/tags/1.9.5/inc/Core/Backend/EditScreen.php#L249
reference_id EditScreen.php#L249
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-17T15:03:12Z/
url https://plugins.trac.wordpress.org/browser/wp-last-modified-info/tags/1.9.5/inc/Core/Backend/EditScreen.php#L249
4
reference_url https://plugins.trac.wordpress.org/browser/wp-last-modified-info/trunk/inc/Core/Backend/EditScreen.php#L249
reference_id EditScreen.php#L249
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-17T15:03:12Z/
url https://plugins.trac.wordpress.org/browser/wp-last-modified-info/trunk/inc/Core/Backend/EditScreen.php#L249
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
5.3 - 5.3 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11fm-a1bs-j3br
VCID-11fm-qbca-63av CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name (e.g., full name / username). An attacker can inject a malicious JavaScript payload into their profile name, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper output encoding, leading to stored cross-site scripting (XSS). This vulnerability is fixed in 31.0.0.0.
0
alias CVE-2026-34989
0
reference_url https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-vr2g-rhm5-q4jr
reference_id GHSA-vr2g-rhm5-q4jr
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-07T15:57:55Z/
url https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-vr2g-rhm5-q4jr
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
9.4 - 9.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11fm-qbca-63av
VCID-11ft-4nn4-6qbn A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
0
alias CVE-2018-25043
0
reference_url https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
reference_id detail?id=1524
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:10:44Z/
url https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
1
reference_url http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
reference_id efaq.html
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:10:44Z/
url http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
2
reference_url https://vuldb.com/?id.113806
reference_id ?id.113806
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:10:44Z/
url https://vuldb.com/?id.113806
0
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5.0 - 5.0 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11ft-4nn4-6qbn
VCID-11g4-mnvq-2ug3
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie.

This issue affects Apache Oozie: all versions.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
0
alias CVE-2025-26796
0
reference_url https://lists.apache.org/thread/fzrmsslnrpl0vpp0jr73fosmfjv4omdq
reference_id fzrmsslnrpl0vpp0jr73fosmfjv4omdq
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:04:20Z/
url https://lists.apache.org/thread/fzrmsslnrpl0vpp0jr73fosmfjv4omdq
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11g4-mnvq-2ug3
VCID-11gc-gfre-v3hm A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
0
alias CVE-2025-11486
0
reference_url https://github.com/DrNbnonono/CVE/issues/10
reference_id 10
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:24:54Z/
url https://github.com/DrNbnonono/CVE/issues/10
1
reference_url https://vuldb.com/?ctiid.327603
reference_id ?ctiid.327603
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:24:54Z/
url https://vuldb.com/?ctiid.327603
2
reference_url https://vuldb.com/?id.327603
reference_id ?id.327603
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:24:54Z/
url https://vuldb.com/?id.327603
3
reference_url https://vuldb.com/?submit.667414
reference_id ?submit.667414
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:24:54Z/
url https://vuldb.com/?submit.667414
4
reference_url https://www.sourcecodester.com/
reference_id www.sourcecodester.com
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T14:24:54Z/
url https://www.sourcecodester.com/
0
cwe_id 74
name Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
1
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
5.3 - 6.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11gc-gfre-v3hm
VCID-11gj-6bnt-jyg4 An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
0
alias CVE-2019-0863
0
reference_url http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html
reference_id Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T16:16:56Z/
url http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html
1
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863
reference_id CVE-2019-0863
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T16:16:56Z/
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863
7.8 - 7.8 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11gj-6bnt-jyg4
VCID-11gr-y5wk-53hf Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6.
0
alias CVE-2025-32247
0
reference_url https://patchstack.com/database/wordpress/plugin/ai-content-creator/vulnerability/wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
reference_id wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T20:14:47Z/
url https://patchstack.com/database/wordpress/plugin/ai-content-creator/vulnerability/wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
5.4 - 5.4 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11gr-y5wk-53hf
VCID-11gw-xq84-sqf3
0
alias CVE-2021-47196
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://git.kernel.org/stable/c/6cd7397d01c4a3e09757840299e4f114f0aa5fa0
reference_id 6cd7397d01c4a3e09757840299e4f114f0aa5fa0
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:32:29Z/
url https://git.kernel.org/stable/c/6cd7397d01c4a3e09757840299e4f114f0aa5fa0
2
reference_url https://git.kernel.org/stable/c/b70e072feffa0ba5c41a99b9524b9878dee7748e
reference_id b70e072feffa0ba5c41a99b9524b9878dee7748e
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:32:29Z/
url https://git.kernel.org/stable/c/b70e072feffa0ba5c41a99b9524b9878dee7748e
5.5 - 5.5 null null null http://public2.vulnerablecode.io/vulnerabilities/VCID-11gw-xq84-sqf3