Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.6 views

CVE-2025-12880

The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...

5.4CVSS4.9AI score0.00142EPSS
Exploits0References1
Circl
Circl
added 2025/11/11 6:4 a.m.4 views

CVE-2025-12880

creationtimestamp| type| source ---|---|--- 2025-11-11 06:04:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5dhqku5zu2s...

5.4CVSS5.7AI score0.00142EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/11 1:18 a.m.4 views

WordPress Progress Bar Blocks for Gutenberg plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Progress Bar Blocks for Gutenberg versions = 1.0.0...

5.4CVSS5.5AI score0.00142EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/08/31 3:1 a.m.5 views

CVE-2018-12880

creationtimestamp| type| source ---|---|--- 2025-08-31 03:01:35+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

5.5CVSS5.9AI score0.05463EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 a.m.5 views

CVE-2019-12880

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...

4.3CVSS6.9AI score0.0142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:27 p.m.8 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS6.7AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS0.00641EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS0.00641EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.9AI score0.00641EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.4 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.8AI score0.00641EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:9 a.m.82 views

CVE-2024-12880

The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...

8.1CVSS7.9AI score0.00641EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/06/21 12:0 a.m.36 views

SUSE SLES12 Security Update : python-PyJWT (SUSE-SU-2021:2010-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2010-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. File data...

7.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2021/06/20 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2021:2010-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.13 views

SUSE: Security Advisory (SUSE-SU-2017:3370-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9AI score
Exploits0References2
CVE
CVE
added 2020/07/27 10:10 p.m.97 views

CVE-2020-12880

CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...

5.5CVSS5.5AI score0.00477EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2019/06/24 6:39 p.m.55 views

CVE-2019-12880

CVE-2019-12880 affects BCN Quark Quarking Password Manager (v3.1.84). The issue is a clickjacking vulnerability caused by allowing a wildcard (*) in web_accessible_resources, enabling a malicious page to load the password manager UI in a framed context. This could allow attackers to trick users i...

4.3CVSS4.6AI score0.0142EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/10/12 6:29 p.m.1 views

CVE-2018-12880

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

5.5CVSS5.8AI score0.05463EPSS
Exploits0References3
CVE
CVE
added 2018/10/12 6:0 p.m.70 views

CVE-2018-12880

CVE-2018-12880 affects Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier. The vulnerability is an out-of-bounds read in the affected components, which could lead to information disclosure. This CVE is listed with a base CVSS s...

5.5CVSS5.6AI score0.05463EPSS
Exploits0References3Affected Software2
Check Point Advisories
Check Point Advisories
added 2018/10/02 12:0 a.m.4 views

Adobe Acrobat and Reader Out-of-bounds read (APSB18-30: CVE-2018-12880)

A out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...

4.3CVSS5.8AI score0.05463EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/12/26 12:0 a.m.29 views

openSUSE Security Update : python-PyJWT (openSUSE-2017-1408)

This update for python-PyJWT fixes the following issues : - CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys bsc1054106 This update was imported from the SUSE:SLE-12-SP1:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

7.4AI score
Exploits0References2
Rows per page
Query Builder