51 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

12 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Reflected XSS. This issue affects Nasa Core: from n/a through 6.3.2. The Nasa Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 6.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successf... • https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

03 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS.This issue affects Nasa Core: from n/a before 6.4.1. The Nasa Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whe... • https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

21 May 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. The Nasa Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can... • https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-3-2-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

16 May 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. The Nasa Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.3.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution ... • https://github.com/blackgirlinfosec/cve-lfi-lab • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking. • https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 • CWE-252: Unchecked Return Value •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS). • https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. • https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 • CWE-489: Active Debug Code •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking. • https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

01 Apr 2025 — CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent uns... • https://github.com/nasa/CryptoLib/commit/59d1bce7608c94c6131ef4877535075b0649799c • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •

CVSS: 9.7EPSS: 1%CPEs: 1EXPL: 1

25 Mar 2025 — CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overf... • https://github.com/oliviaisntcringe/CVE-2025-30216-PoC • CWE-122: Heap-based Buffer Overflow •