Lucene search
K

222 matches found

NCSC
NCSC
added 12 hours ago5 views

Vulnerabilities are being addressed in the Progress MOVEit Transfer process.

Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...

8CVSS6AI score0.00442EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago8 views

Progress MOVEit Transfer < 2025.0.8 / 2025.1.0 < 2025.1.4 / 2026.0.0 < 2026.0.1 Multiple Vulnerabilities

The version of Progress MOVEit Transfer installed on the remote host is prior to 2025.0.8, 2025.1.x prior to 2025.1.4, or 2026.0.x prior to 2026.0.1. It is, therefore, affected by multiple vulnerabilities: - Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress...

8CVSS6.1AI score0.00442EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-11903

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 5 days ago20 views

CVE-2026-11903

CVE-2026-11903 is a stored XSS in the Progress MOVEit Transfer (Ad Hoc module). The issue arises from improper neutralization of input during web page generation. Affects MOVEit Transfer versions: 2026.0.0 before 2026.0.1; 2025.1.0 before 2025.1.4; 2025.0.0 before 2025.0.8. CVSS v3.1 base score 8...

8CVSS5.9AI score0.00232EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-11903 Stored XSS in MOVEit Transfer Ad Hoc module

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS0.00232EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42280

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS5.9AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56456

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2026.0.0 through 2026.0.0 MOVEit Transfer versions 2025.1.0 through 2025.1.3 MOVEit Transfer versions 2025.0.0 through 2025.0.7 Description Stored cross-site scripting XSS occurs in the Ad Hoc module due to improper...

8CVSS5.8AI score0.00232EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.16 views

WS_FTP Server - Insecure Deserialization

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...

10CVSS7.7AI score0.9015EPSS
Exploits5References5
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.6 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +62 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-openai MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.21.2, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-41712 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624639...

7.5CVSS5.4AI score0.0026EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/21 5:37 p.m.4 views

CVE-2026-40599 ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...

8.4CVSS5.8AI score0.00134EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/03/13 12:0 a.m.4 views

FoSAM: Forward Secret Messaging in Ad-Hoc Networks

Apps such as Firechat and Bridgefy have been used during recent protests in Hong Kong and Iran, as they allow communication over ad-hoc wireless networks even when internet access is restricted. However, these apps do not provide sufficient protection as they do not achieve forward secrecy in...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001427 advisory. mwifiexcmd80211adhocstart in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code vi...

8.8CVSS7.3AI score0.02209EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Elastic Kibana Fleet 安全漏洞

Elastic Kibana Fleet is a component of Elastic Netherlands that centralizes the management and monitoring of Elastic Agent. A security vulnerability exists in Elastic Kibana Fleet that stems from an unlimited or infinite stream of resource allocations, which could lead to over-allocation via ad-h...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.5 views

CVE-2025-52179

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

6.1CVSS6.4AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.4 views

CVE-2025-52180

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

6.1CVSS6.4AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 9:30 p.m.4 views

EUVD-2025-37193

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/30 9:30 p.m.6 views

EUVD-2025-37194

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

5.8AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 7:16 p.m.4 views

CVE-2025-52180

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

6.1CVSS5.9AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 7:16 p.m.5 views

CVE-2025-52179

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

6.1CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 7:16 p.m.5 views

CVE-2025-52180

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

6.1CVSS0.00239EPSS
Exploits0References2
Rows per page
Query Builder