Lucene search
K

131 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-32715

Malicious code in bioql PyPI...

10CVSS9.4AI score0.15231EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-28217

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.01304EPSS
Exploits0References3
OSV
OSV
added 2025/09/04 12:15 p.m.3 views

CVE-2025-41039

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:11 a.m.13 views

CVE-2025-41045

appRain CMF 4.0.5 contains a stored authenticated XSS flaw due to improper validation of input in data[sconfig][ethical_licensekey] at /apprain/admin/config/ethical. Impact is client-side script execution in victims’ browsers; no fixed version is listed. Remediation is not provided in the sources...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/04 11:9 a.m.4 views

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:9 a.m.10 views

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

5.1CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/08/25 2:15 p.m.4 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.1CVSS5.7AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.7 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.3 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.2AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.6 views

PT-2025-34609 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04 through 23.04.7 Mahara versions 24.04 through 24.04.2 Description: An issue exists in Mahara where the About, Contact, and Help footer links are susceptible to Cross Site Scripting XSS due to insufficient input...

6.1CVSS5.6AI score0.00229EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/17 5:25 p.m.17 views

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

9.1CVSS7.9AI score0.00501EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.296 views

Cisco ISE 3.0 - Authorization Bypass

Exploit Title: Cisco ISE 3.0 - Authorization Bypass Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Authorization Bypass CVE: CVE-2025-20125 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...

9.1CVSS7.4AI score0.14982EPSS
Exploits2
OSV
OSV
added 2025/07/21 3:15 p.m.3 views

CVE-2025-46123

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint /admin/conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied...

7.2CVSS6.4AI score0.01091EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.4 views

IBM OpenPages with Watson 安全漏洞

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

4.3CVSS6.2AI score0.00216EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.5 views

CVE-2023-21848

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.8CVSS6.8AI score0.00631EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.12 views

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

4.8CVSS6.1AI score0.00694EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/16 4:8 p.m.23 views

CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

8.8CVSS6.9AI score0.01173EPSS
Exploits2References1
Drupal
Drupal
added 2025/02/26 12:0 a.m.9 views

OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020

Provides OAuth2 server functionality based on the oauth2-server-php library. The module does not consistently enforce admin configurations allowing users on a disabled server to still authenticate...

9.8CVSS5.5AI score0.00401EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.7 views

Kliqqi CMS 安全漏洞

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminconfig.php?action=save&varid=32 does not adequately verify whether the request is from a trusted user , an...

8.8CVSS7AI score0.00279EPSS
Exploits1References2
NCSC
NCSC
added 2024/02/08 12:0 a.m.21 views

Vulnerabilities fixed in Cisco Expressway

Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site-Request-forgery to execute on the Web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because cannot be ruled...

9.6CVSS7.5AI score0.00846EPSS
Exploits0
Rows per page
Query Builder