Lucene search
K

129 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

RockyLinux 8 : freeradius:3.0 (RLSA-2023:2870)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References7
OSV
OSV
added 2026/06/06 9:32 a.m.9 views

ECHO-CEF4-2870-B604

Bulletin has no description...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References2
Circl
Circl
added 2026/02/21 5:38 p.m.17 views

CVE-2026-2870

creationtimestamp| type| source ---|---|--- 2026-02-21 17:38:28+00:00| published-proof-of-concept| https://t.me/realcodeb0ss/333 2026-03-02 13:40:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mg3ewv4gch2u...

9CVSS8.1AI score0.00588EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/21 2:32 p.m.6 views

CVE-2026-2870 Tenda A21 formSetQosBand set_qosMib_list stack-based overflow

A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function setqosMiblist of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to th...

9CVSS8.9AI score0.00588EPSS
Exploits1References5
CVE
CVE
added 2026/02/21 2:32 p.m.19 views

CVE-2026-2870

CVE-2026-2870 affects Tenda A21 firmware 1.0.0.0, where the function set_qosMib_list in /goform/formSetQosBand suffers a stack-based buffer overflow. The argument list manipulation can be triggered remotely, and a public exploit exists, indicating practical risk. The provided details specify remo...

9CVSS6.3AI score0.00588EPSS
Exploits1References5Affected Software1
Amazon
Amazon
added 2025/05/29 12:0 a.m.4 views

Important: cri-tools

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 The net/http package accepted data in the chunked transfer encoding...

9.8CVSS6.9AI score0.01952EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.6 views

Amazon Linux 2 : cri-tools (ALAS-2025-2870)

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2870 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning...

9.8CVSS7.3AI score0.01952EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.7 views

CVE-2023-2870

A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host...

5.5CVSS6.6AI score0.00349EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.6 views

CVE-2022-2870

A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned...

9.8CVSS6.9AI score0.00672EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:10 p.m.9 views

CVE-2005-2870

Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses...

7.5CVSS7.5AI score0.02798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/30 11:17 a.m.14 views

CVE-2025-2870

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

4.8CVSS6.2AI score0.00198EPSS
Exploits0References3
Circl
Circl
added 2025/03/28 11:28 a.m.10 views

CVE-2025-2870

creationtimestamp| type| source ---|---|--- 2025-03-28 11:28:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9315 2025-03-28 13:33:47+00:00| seen| https://t.me/cvedetector/21392 2025-08-10 18:27:45+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c 2025-09-10 07:47:59+00:00| seen|...

6.1CVSS5.3AI score0.00198EPSS
Exploits0References2
NVD
NVD
added 2025/03/28 11:15 a.m.10 views

CVE-2025-2870

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

6.1CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/28 10:49 a.m.6 views

CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

4.8CVSS6.1AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 10:49 a.m.71 views

CVE-2025-2870

CVE-2025-2870 is a reflected Cross-Site Scripting (XSS) vulnerability in the Clinic Queuing System v1.0. The issue arises via the page parameter in /patient_side.php, enabling an attacker to induce the victim’s browser to execute injected JavaScript when the link is used. This is documented acros...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/28 10:49 a.m.15 views

CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

4.8CVSS0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/15 12:0 a.m.15 views

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 057d34197d18 Credi...

6.1CVSS5.7AI score0.0042EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/07/13 6:15 a.m.17 views

CVE-2024-2870

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.0042EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.29 views

CVE-2024-2870 Swift Framework < 2024.04.30 - Reflected XSS

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.0042EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.57 views

CVE-2024-2870

The CVE-2024-2870 concerns the WordPress plugin socialdriver-framework (versions before 2024.04.30). A parameter is not properly sanitized/escaped before being reflected in the page, causing a Reflected Cross‑Site Scripting (XSS) vulnerability. The issue could be exploited against high‑privilege ...

6.1CVSS6AI score0.0042EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder