Lucene search
K

11465 matches found

Positive Technologies
Positive Technologies
added 2025/11/09 12:0 a.m.9 views

PT-2025-45582

Name of the Vulnerable Software and Affected Versions qianfox FoxCMS versions up to 1.2.16 Description A cross-site scripting issue exists in the add/edit function of the app/admin/controller/Product.php file. Manipulation of the Title argument can trigger this issue. The attack can be initiated...

4.8CVSS5.5AI score0.00286EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2025/11/08 4:54 p.m.15 views

CVE-2025-12861

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

7.2CVSS7AI score0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/08 6:39 a.m.5 views

CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...

4.3CVSS0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.20 views

CVE-2025-63638

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting XSS in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...

6.1CVSS6.3AI score0.00196EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 8:15 p.m.3 views

CVE-2025-63638

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting XSS in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...

6.1CVSS6AI score0.00196EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.4 views

CVE-2025-53880

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.7CVSS6.9AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/07 6:30 p.m.5 views

EUVD-2025-38271

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

5.8CVSS6.5AI score0.00268EPSS
Exploits0References5
OSV
OSV
added 2025/11/07 4:15 p.m.2 views

CVE-2025-12861

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

7.2CVSS5.7AI score0.00268EPSS
Exploits0References4
NVD
NVD
added 2025/11/07 4:15 p.m.4 views

CVE-2025-12861

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

7.2CVSS0.00268EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/07 4:2 p.m.8 views

CVE-2025-12861 DedeBIZ spec_add.php sql injection

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

5.8CVSS0.00268EPSS
Exploits0References4
CVE
CVE
added 2025/11/07 4:2 p.m.10 views

CVE-2025-12861

CVE-2025-12861 affects DedeBIZ up to version 6.3.2. The vulnerability resides in /admin/spec_add.php, where manipulation of the flags[] parameter enables SQL injection. Exploitation is remote and public. Remediation: update to a fixed version (6.3.2+ or later) or apply vendor-provided mitigations.

7.2CVSS5.2AI score0.00268EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/07 4:2 p.m.1 views

CVE-2025-12861 DedeBIZ spec_add.php sql injection

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

5.8CVSS6.6AI score0.00268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.7 views

PT-2025-45465

Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.3.2 Description A flaw exists in DedeBIZ that allows for remote SQL injection. This issue is related to the manipulation of the flags argument within the /admin/spec add.php file. The exploit for this issue has been...

5.8CVSS4.9AI score0.00268EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/06 7:39 p.m.3 views

CVE-2025-34236 Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

6.2CVSS0.00178EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.3 views

PT-2025-45372

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the NetworksController.addNetworkAction function. An authenticated, low-privileged user can inject SQL code through datatable search...

5.1CVSS7.8AI score0.00264EPSS
Exploits0References5
CNVD
CNVD
added 2025/11/05 12:0 a.m.2 views

Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...

7.2CVSS8.2AI score0.00411EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989519 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsiremovehost in pm8001alloc Calling scsiremovehost before scsiaddhost...

6.2CVSS5.9AI score0.00248EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989622)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989622 advisory. In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfpcppareacacheadd In line 800 1, nfpcppareaalloc allocates and...

5.5CVSS5.8AI score0.0024EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989475 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Free irq vectors in order for v3 HW If the driver probe fails to request the chann...

5.5CVSS5.7AI score0.00246EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990305 advisory. In the Linux kernel, the following vulnerability has been resolved: Revert wifi: mac80211: fix memory leak in ieee80211ifadd This reverts commit...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References4
Rows per page
Query Builder