Lucene search
K

11 matches found

Circl
Circl
added 5 days ago7 views

CVE-2026-43712

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:42+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...

6.5CVSS5.9AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/27 12:20 a.m.26 views

CVE-2025-43712

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...

8CVSS6.4AI score0.00244EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/07/25 1:41 p.m.3 views

@iurra/chickpea-stew (>=0.3.0 <=0.3.7), @joaopaulomfe/generator-jhipster-agile-kip (>=0.1.0 <=0.1.1) +176 more potentially affected by CVE-2025-43712 via generator-jhipster (>=2.25.0 <=9.1.0)

generator-jhipster NPM version =2.25.0, =0.3.0, =0.1.0, =0.0.7, =0.0.3, =0.0.11, =2.0.13, =0.0.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2025-43712 Source advisory: SNYK:JS-GENERATORJHIPSTER-11023283...

8CVSS5.7AI score0.00244EPSS
Exploits0
OSV
OSV
added 2025/07/25 1:15 p.m.7 views

CVE-2025-43712

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...

2.9CVSS6.3AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/25 12:0 a.m.49 views

CVE-2025-43712

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...

2.9CVSS0.00244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.18 views

CVE-2022-43712

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...

9.8CVSS9.9AI score0.99677EPSS
Exploits101References1
Vulnrichment
Vulnrichment
added 2024/12/10 10:4 p.m.11 views

CVE-2024-43712 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitize...

5.4CVSS6.2AI score0.00624EPSS
Exploits0References1
OSV
OSV
added 2023/09/30 9:15 p.m.6 views

CVE-2023-43712

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "accesslevelsname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS6AI score0.00431EPSS
Exploits1References2
CVE
CVE
added 2023/07/26 12:0 a.m.87 views

CVE-2022-43712

GX Software XperienCentral 10.36.0 and earlier is affected by CVE-2022-22965 (Spring4Shell) via data binding in Spring MVC/WebFlux on Java 9+. An attacker able to reach a vulnerable WAR/deployed app could achieve remote code execution. Root cause: unsafe data binding in Spring Framework modules; ...

6.5CVSS8.2AI score0.00392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/09 8:58 p.m.22 views

CVE-2021-43712

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field...

5.6AI score0.00916EPSS
Exploits1References1
CVE
CVE
added 2022/05/09 8:58 p.m.77 views

CVE-2021-43712

CVE-2021-43712 corresponds to a Stored XSS vulnerability in Sourcecodester’s Employee Daily Task Management System v1.0, occurring in the Add New Employee Form Name field. The incident is described across multiple sources as enabling a remote attacker to inject/store arbitrary code via the Name f...

5.4CVSS5.3AI score0.00916EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder