Lucene search
+L

7058 matches found

Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50974

Name of the Vulnerable Software and Affected Versions Atcom 100M IP Phones versions 2.7.x.x Description The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...

8.8CVSS8.6AI score0.01417EPSS
Exploits0References6
NVD
NVD
added 2025/12/02 9:15 p.m.4 views

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.8CVSS0.00293EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 9:15 p.m.2 views

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.8CVSS5.8AI score0.00293EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 9:7 p.m.11 views

CVE-2025-61940

NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...

8.8CVSS7.3AI score0.00293EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.8 views

PT-2025-47302

Name of the Vulnerable Software and Affected Versions SourceCodester Train Station Ticketing System version 1.0 Description A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the Username argument within the login functionality,...

7.5CVSS7.3AI score0.00615EPSS
Exploits1References8
OSV
OSV
added 2025/11/17 7:11 p.m.5 views

GO-2025-4126 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost

Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

4.3CVSS6.7AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.7 views

PT-2025-47209

Name of the Vulnerable Software and Affected Versions code-projects Courier Management System version 1.0 Description A flaw exists in code-projects Courier Management System 1.0 that allows for remote code execution. The issue is located in the file /add-new-officer.php. Manipulation of the...

5.8CVSS8.1AI score0.00373EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.9 views

PT-2025-47120

Name of the Vulnerable Software and Affected Versions lsfusion platform versions prior to 6.1 Description A flaw exists in the lsfusion platform that allows for path traversal. This issue is related to the unpackFile function located in the file...

6.5CVSS6.3AI score0.00559EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/11/14 9:30 a.m.8 views

Mattermost fails to properly restrict access to archived channel search API

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...

4.3CVSS6.9AI score0.00188EPSS
Exploits0References4Affected Software5
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.11 views

PT-2025-44788

Name of the Vulnerable Software and Affected Versions Geutebruck G-Cam E-Series Cameras version 1.12.0.19 Description An unauthenticated SQL Injection exists within the Geutebruck G-Cam E-Series Cameras. The issue is located in the /uapi-cgi/viewer/Param.cgi script through the Group parameter...

9.8CVSS7.7AI score0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.8 views

PT-2025-44745

Name of the Vulnerable Software and Affected Versions Tenda AC21 version 16.03.08.16 Description A flaw exists in the Tenda AC21 device. This issue is related to a buffer overflow in the formSetPPTPServer function within the /goform/SetPptpServerCfg file. Manipulation of the startIp argument can...

9.8CVSS7.2AI score0.00673EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.10 views

PT-2025-44784

Name of the Vulnerable Software and Affected Versions Open Source Social Network OSSN version 8.6 Description Open Source Social Network OSSN version 8.6 is susceptible to a Cross Site Scripting XSS issue. The issue occurs through the param parameter at the /u/administrator/friends API endpoint...

7.3CVSS6AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.11 views

PT-2025-44777

Name of the Vulnerable Software and Affected Versions Car-Booking-System-PHP version 1.0 Description Car-Booking-System-PHP version 1.0 is susceptible to Cross Site Scripting XSS in the /carlux/booking.php file. The issue allows for the injection of malicious scripts through the vulnerable...

5.4CVSS6.3AI score0.00263EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...

9.8CVSS7.1AI score0.00382EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.5 views

CVE-2025-62256

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

6.9CVSS6.9AI score0.00384EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.8 views

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

7.5CVSS6.8AI score0.00687EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/09 9:31 p.m.7 views

EUVD-2025-33577

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

9.8CVSS7.5AI score0.00861EPSS
Exploits0References5
NVD
NVD
added 2025/10/09 7:15 p.m.7 views

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

7.2CVSS0.00737EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/10/09 6:13 p.m.5 views

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

4.8CVSS5.7AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2020-17585

Malware in sbrugna...

9.8CVSS9.4AI score0.02052EPSS
Exploits1References2
Rows per page
Query Builder