Lucene search
+L

292 matches found

Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.7 views

PT-2025-14567 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 and earlier than 9.4.0RC2 Concrete CMS versions earlier than 8.5.20 Description: The issue concerns Concrete CMS's Address attribute, where addresses are not properly sanitized in the output when a country is not...

5.1CVSS6.2AI score0.00161EPSS
Exploits0References12
OSV
OSV
added 2025/04/02 9:15 p.m.6 views

CVE-2025-29719

SourceCodester rems Employee Management System 1.0 is vulnerable to Cross Site Scripting XSS in addemployee.php via the First Name and Address text fields...

6.1CVSS5.8AI score0.00275EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/03/27 3:46 p.m.5 views

go-git: argument injection via the URL field

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

9.8CVSS7AI score0.01261EPSS
Exploits0References6
OSV
OSV
added 2025/03/10 8:13 a.m.16 views

BIT-DJANGO-2024-56374

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

7.5CVSS7AI score0.01886EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/18 10:26 p.m.10 views

CVE-2025-26768

Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...

7.1CVSS7.1AI score0.00141EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/02/18 12:0 a.m.13 views

what3words Address Field < 4.0.16 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The what3words Address Field plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...

7.1CVSS9.1AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2025/02/16 11:15 p.m.15 views

CVE-2025-26768

Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...

7.1CVSS0.00141EPSS
Exploits0References1
CVE
CVE
added 2025/02/16 10:17 p.m.84 views

CVE-2025-26768

CVE-2025-26768 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin what3words Address Field (versions up to 4.0.15). The issue allows stored cross-site scripting via CSRF, affecting the plugin’s Address Field from “n/a through 4.0.15.” The associated CVSS 3.1 base score is 7.1 (HIGH): v...

7.1CVSS7.1AI score0.00141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/16 12:0 a.m.10 views

PT-2025-7229 · What3Words · What3Words Address Field

Name of the Vulnerable Software and Affected Versions: what3words Address Field versions n/a through 4.0.15 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the what3words Address Field. This means an attacker can perform unauthorized actions on ...

7.1CVSS9.1AI score0.00141EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/02/16 12:0 a.m.13 views

WordPress plugin what3words Address Field 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...

7.1CVSS7.2AI score0.00141EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/14 1:50 p.m.7 views

WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin what3words Address Field versions = 4.0.15...

7.1CVSS6.2AI score0.00141EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/01/28 7:20 p.m.4 views

django: potential denial-of-service vulnerability in IPv6 validation

A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions cleanipv6address and isvalidipv6address were vulnerable, as was the...

7.5CVSS7.1AI score0.01886EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/01/23 9:34 a.m.5 views

go-git: argument injection via the URL field

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

9.8CVSS7.4AI score0.01261EPSS
Exploits0References6
OSV
OSV
added 2025/01/14 7:15 p.m.3 views

PYSEC-2025-1

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

7.5CVSS6.5AI score0.01886EPSS
Exploits0References5
OSV
OSV
added 2024/10/22 10:15 p.m.5 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

5CVSS5.8AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.7 views

PT-2024-31225 · Unknown · Sourcecodehero Event Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodehero Event Management System version 1.0 Description: The issue is a Stored Cross-Site Scripting vulnerability. It occurs through the parameters Full Name, Address, Email, and contact in the "/clientdetails/admin/regester.php" API...

7.6CVSS6AI score0.00337EPSS
Exploits1References6
Vivaldi Security Advisories
Vivaldi Security Advisories
added 2024/08/23 6:23 a.m.12 views

Minor update (5) for Vivaldi Android Browser 6.8

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the fourth 6.8 stable, minor update: Chromium Backport...

9.6CVSS5.8AI score0.19272EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.10 views

PT-2024-38601 · Unknown · Codeastro Online Railway Reservation System

Name of the Vulnerable Software and Affected Versions: CodeAstro Online Railway Reservation System version 1.0 Description: A problematic issue was found in the CodeAstro Online Railway Reservation System, affecting an unknown function of the file /admin/admin-add-employee.php of the component Ad...

5.1CVSS4AI score0.00395EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/08/11 12:0 a.m.4 views

PT-2024-38507 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A problematic issue has been found in the file adds.php, where the manipulation of the argument name, dob, email, mobile, or address leads to cross-site...

5.4CVSS4.3AI score0.00461EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.4 views

Warehouse Management System 跨站脚本漏洞

Warehouse Management System is a warehouse management system developed by Carlo Montero. A cross-site scripting vulnerability exists in Warehouse Management System version 1.0, which stems from the parameter namacustomer/alamatcustomer/notelpcustomer in the file customer.php and results in...

5.4CVSS4.4AI score0.00589EPSS
Exploits1References5
Rows per page
Query Builder