Lucene search
K

10 matches found

EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29781

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...

8.7CVSS5.8AI score0.00402EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/31 9:31 p.m.5 views

EUVD-2025-37392

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.4AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19508

Malware in sbrugna...

9.8CVSS9.2AI score0.01779EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-30084

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0942

Malicious code in bioql PyPI...

8.7CVSS8.4AI score0.0076EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/07/01 12:0 a.m.6 views

PT-2025-27554 · Sentry · Sentry

Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 25.5.0 Description: The issue allows an attacker with a malicious OAuth application registered with Sentry to take advantage of a race condition and improper handling of authorization code within Sentry, maintaining...

5.5CVSS6.5AI score0.00672EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 a.m.6 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5CVSS6.9AI score0.00926EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/15 10:0 p.m.5 views

CVE-2022-36074 Authentication headers exposed on by Nextcloud Server

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...

6.4CVSS7.5AI score0.00606EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/07/12 12:0 a.m.3 views

PT-2021-19887 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 Description: The issue concerns the handling of webauthn tokens in Nextcloud Server. In affected versions, webauth...

10CVSS6.2AI score0.02604EPSS
Exploits3References81
CNVD
CNVD
added 2018/09/14 12:0 a.m.2 views

Shenzhen Jiya Technology Co., Ltd Jiya APP has information leakage vulnerability

JIYA APP is a cell phone housing search life application that includes new and second-hand housing functions. CAPTCHA Information Leakage: This vulnerability is mainly in the login and password retrieval, the server will return the verification code to the client, thus causing the leakage of...

7.2AI score
Exploits0
Rows per page
Query Builder