Lucene search
K

26 matches found

NVD
NVD
added 10 hours ago5 views

CVE-2026-61958

Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through = 3.0.17...

5.4CVSS
Exploits0References1
OSV
OSV
added 2026/02/20 11:16 p.m.5 views

CVE-2019-25449

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/20 10:56 p.m.26 views

CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS0.00251EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:56 p.m.6 views

CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

5.3CVSS5.1AI score0.0013EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

OrientDB 跨站请求伪造漏洞

OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a vulnerability related to cross-site request forgeing. This vulnerability stems from the lack of token verification at endpoints, which may lead to cross-site request forgeing attac...

5.3CVSS5.7AI score0.0013EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

OrientDB 跨站脚本漏洞

OrientDB is an open-source multi-model database developed by OrientDB. Version 3.0.17 of OrientDB has a cross-site scripting vulnerability. This vulnerability stems from improper handling of JSON payloads submitted to the document endpoint, which may lead to reflective cross-site scripting attack...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

OrientDB 跨站脚本漏洞

OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the name parameter, which may lead to storage-based cross-site scripting attacks...

6.4CVSS5.7AI score0.00251EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.14 views

PT-2026-21318

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS5.7AI score0.00251EPSS
Exploits1References4
CVE
CVE
added 2025/08/05 12:2 a.m.18 views

CVE-2025-54870

VTun-ng (virtual tunnel over TCP/IP) contains a vulnerability in versions 3.0.17 and earlier where failure to initialize encryption modules can cause a fallback to plaintext due to insufficient error handling. The issue was introduced in 3.0.12 and fixed in 3.0.18. Remediation: upgrade to 3.0.18 ...

8.7CVSS6.4AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.6 views

VTun-ng 安全漏洞

vtun-ng is an application by Jan-Espen Oversand Individual Developer. A security vulnerability exists in VTun-ng 3.0.17 and earlier versions, which stems from a failure in the initialization of the cryptographic module that could lead to a plaintext transfer...

8.7CVSS6.5AI score0.00199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.3 views

PT-2024-28229

Name of the Vulnerable Software and Affected Versions Spring Boot versions 2.7.0 through 2.7.21 Spring Boot versions 3.0.0 through 3.0.16 Spring Boot versions 3.1.0 through 3.1.12 Spring Boot versions 3.2.0 through 3.2.8 Spring Boot versions 3.3.0 through 3.3.2 Description Applications that use...

7.2CVSS7.3AI score0.00123EPSS
Exploits0References18
vulnersOsv
vulnersOsv
added 2024/02/07 12:30 p.m.7 views

org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (>=3.0.0 <=3.0.17)

org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2023-51437 Source advisory: OSV:GHSA-C57V-4VG5-CM2X...

7.4CVSS7.1AI score0.00763EPSS
Exploits0
Patchstack
Patchstack
added 2022/01/06 12:0 a.m.6 views

WordPress Order Tracking plugin <= 3.0.16 - Authenticated Arbitrary Plugin Settings Update vulnerability

Authenticated Arbitrary Plugin Settings Update vulnerability discovered in WordPress Order Tracking plugin versions = 3.0.16. Solution Update the WordPress Order Tracking plugin to the latest available version at least 3.0.17...

3.8AI score
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2021/12/09 7:8 p.m.9 views

@0x0c/nestjs-swagger (>=6.1.5 <=6.3.1), @1creator/backend (>=1.1.17 <=1.2.151) +1107 more potentially affected by unknown CVE via swagger-ui-dist (>=3.0.17 <=4.1.2)

swagger-ui-dist NPM version =3.0.17, =6.1.5, =1.1.17, =1.1.0-beta.1, =15.0.0, =0.1.0-alpha.1, =0.2.4, =1.2.0, =3.7.0, =1.0.0, =1.0.0, =1.0.0, =1.7.8, =2.2.2, =2.5.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...

5.5AI score
Exploits0
CNVD
CNVD
added 2019/10/08 12:0 a.m.5 views

Unspecified Vulnerability in CloudBees Jenkins Aqua Security Scanner Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Aqua Security Scanner Plugin is used in one o...

7.5CVSS6.7AI score0.00888EPSS
Exploits0References1
OSV
OSV
added 2019/09/25 4:15 p.m.7 views

CVE-2019-10428

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

7.5CVSS7.1AI score0.00888EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/14 12:0 a.m.67 views

Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...

9.8CVSS8.3AI score0.97356EPSS
Exploits12References5
Packet Storm
Packet Storm
added 2019/03/07 12:0 a.m.49 views

OrientDB 3.0.17 GA Community Edition XSS / CSRF

Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 GA Community Edition March 7th, 2019 Introduction OrientDB ...

0.4AI score
Exploits0
CNVD
CNVD
added 2019/01/11 12:0 a.m.2 views

Intel SSD Data Center Tool for Windows Elevation of Privilege Vulnerability

Intel SSD Data Center Tool for Windows is a Windows-based SSD management tool from Intel USA. It supports configuration of SSDs using PCIe and SATA and detects the status of SSDs. A security vulnerability exists in versions of Intel SSD Data Center Tool prior to 3.0.17 for Windows-based platforms...

7.8CVSS6.5AI score0.00277EPSS
Exploits0References1
OSV
OSV
added 2014/01/16 9:55 p.m.5 views

DEBIAN-CVE-2012-6620

Multiple cross-site scripting XSS vulnerabilities in the 1 tasks and 2 search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.02095EPSS
Exploits1References1
Rows per page
Query Builder