Lucene search
K

1407 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-1011

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration versions up to 3.1 Description A flaw exists in PHPGurukul Online Course Registration that results in missing authorization. This issue affects an unknown function and allows for remote exploitation. The...

8.8CVSS6AI score0.00418EPSS
Exploits1References15
CVE
CVE
added 2025/12/15 8:28 p.m.14 views

CVE-2023-53890

CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...

5.4CVSS5.7AI score0.00198EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.2 views

CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...

8.6CVSS8.4AI score0.00794EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.8 views

PT-2025-51308

Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description The application allows authenticated users to upload malicious SVG files containing embedded JavaScript. An attacker can craft SVG files with script tags that execute when the file is viewed, potentially leadi...

5.4CVSS5.8AI score0.00198EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.3 views

Perch CMS 安全漏洞

Perch CMS is a content management system from Perch, Inc. A security vulnerability exists in Perch CMS version 3.2 that stems from allowing authenticated users to upload malicious SVG files with embedded JavaScript, potentially leading to a stored cross-site scripting attack...

5.4CVSS6AI score0.00198EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/11 9:35 p.m.20 views

CVE-2024-58291 Flatboard 3.2 Authenticated Stored Cross-Site Scripting via Forum Information Field

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and...

5.3CVSS0.00327EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 10:44 a.m.30 views

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

3.3CVSS0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Siemens SINEMA Remote Connect Server 安全漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...

4.3CVSS9AI score0.00218EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qatengine, qatlib (SUSE-SU-2025:4053-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4053-1 advisory. Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: CVE-2024-2888...

8.2CVSS5.8AI score0.00509EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Use After Free (CVE-2021-36086)

The CIL compiler in SELinux 3.2 has a use-after-free in cilresetclasspermission called from cilresetclasspermsset and cilresetclasspermslist. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

3.3CVSS6.7AI score0.00592EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Use After Free (CVE-2021-36085)

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

3.3CVSS6.7AI score0.00453EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Use After Free (CVE-2021-36084)

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

3.3CVSS6.7AI score0.00481EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/11/10 9:27 p.m.8 views

CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...

7.8CVSS8.1AI score0.00237EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.5 views

CVE-2025-64184

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...

8.8CVSS6.9AI score0.00443EPSS
Exploits0References1
CVE
CVE
added 2025/11/07 3:2 a.m.25 views

CVE-2025-64184

CVE-2025-64184 affects Dosage up to version 3.1. The vulnerability arises because, while the basename is sanitized, the HTTP Content-Type header is used to derive the file extension when constructing target file names during image downloads, enabling a remote attacker (or MitM over HTTP) to cause...

8.8CVSS6.5AI score0.00443EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/11/05 8:16 a.m.3 views

Security update for qatengine, qatlib

This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc1233363 CVE-2024-28885 bsc1233365 CVE-2024-31074 bsc1233366 CVE-2024-33617 Update to 1.7.0: ipp-crypto name change to cryptography-primitives QATSW G...

8.2CVSS6.7AI score0.00509EPSS
Exploits0References12
Patchstack
Patchstack
added 2025/11/04 5:21 a.m.12 views

WordPress LMB^Box Smileys plugin <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LMB^Box Smileys versions = 3.2...

6.1CVSS5.6AI score0.00142EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/04 5:16 a.m.19 views

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00142EPSS
Exploits0References4
CVE
CVE
added 2025/11/04 4:27 a.m.23 views

CVE-2025-12400

CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...

6.1CVSS5AI score0.00142EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.7 views

PT-2025-44953

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage page function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00142EPSS
Exploits0References5
Rows per page
Query Builder