
14 matches found

RedhatCVE
added 2025/04/26 12:7 a.m. | 7 views

CVE-2025-32951

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVSS 6.4 | AI score 6.8 | EPSS 0.00291
Exploits 0 | References 1

Circl
added 2025/04/25 4:7 p.m. | 3 views

CVE-2025-32951

creationtimestamp | type | source
--- | --- | ---
2025-04-25 16:07:19+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13460...

CVSS 6.4 | AI score 4.8 | EPSS 0.00291
Exploits 0 | References 1

NVD
added 2025/04/22 6:15 p.m. | 10 views

CVE-2025-32951

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVSS 6.4 | EPSS 0.00291
Exploits 0 | References 9

CVE
added 2025/04/22 5:32 p.m. | 56 views

CVE-2025-32951

CVE-2025-32951 affects io.jmix.rest:jmix-rest via the /files endpoint, enabling XSS when an attacker manipulates a file-path/name input so the Content-Type becomes text/html for names ending with .html. Impact is cross-site scripting in browsers when a malicious file is uploaded beforehand. Affec...

CVSS 6.4 | AI score 6.3 | EPSS 0.00291
Exploits 0 | References 9 | Affected Software 4

Cvelist
added 2025/04/22 5:32 p.m. | 23 views

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVSS 6.4 | EPSS 0.00291
Exploits 0 | References 9

OSV
added 2025/04/22 5:32 p.m. | 6 views

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVSS 6.4 | AI score 6.6 | EPSS 0.00291
Exploits 0 | References 11

NVD
added 2024/04/24 7:15 a.m. | 18 views

CVE-2024-32951

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1...

CVSS 6.5 | AI score 6.5 | EPSS 0.00438
Exploits 0 | References 1

CVE
added 2024/04/24 6:59 a.m. | 57 views

CVE-2024-32951

CVE-2024-32951 affects BloomPixel Max Addons Pro for Bricks (Max Addons Pro for Bricks) up to version 1.6.1, with a Missing Authorization vulnerability that could permit unauthorized access to plugin settings. The CVSS 3.1 base metrics show a Medium severity (6.5) with network attack vector, no c...

CVSS 6.5 | AI score 5.1 | EPSS 0.00438
Exploits 0 | References 1

Patchstack
added 2024/04/22 12:0 a.m. | 26 views

WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Settings Change

Software: Max Addons Pro for Bricks; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-32951; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 446d765fd496; Credits: Dave Jong Patchstac...

CVSS 6.5 | AI score 6.5 | EPSS 0.00438
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/07/11 6:26 p.m. | 11 views

CVE-2022-32951

...

Exploits 0

CVE
added 2022/07/11 6:26 p.m. | 44 views

CVE-2022-32951

This CVE entry is rejected/not used and does not represent an active vulnerability.

AI score 7.4
Exploits 0

NVD
added 2021/10/27 1:15 a.m. | 8 views

CVE-2021-32951

WebAccess/NMS versions prior to v3.0.3Build6299 have an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS...

CVSS 5.3 | EPSS 0.0089
Exploits 0 | References 1

CVE
added 2021/10/27 12:54 a.m. | 53 views

CVE-2021-32951

CVE-2021-32951 affects Advantech WebAccess/NMS versions prior to 3.0.3_Build6299, exposing an improper authentication vulnerability that may allow an unauthenticated attacker to view resources monitored and controlled by WebAccess/NMS, including IP addresses and names of all managed devices. The ...

CVSS 5.3 | AI score 5.3 | EPSS 0.0089
Exploits 0 | References 1 | Affected Software 1

ICS
added 2021/08/17 12:0 a.m. | 76 views

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Advantech
Equipment: WebAccess/NMS
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...

CVSS 5.3 | AI score 5.6 | EPSS 0.0089
Exploits 0 | References 5