Lucene search

23 matches found

Tenable Nessus
added 2026/05/27 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-45932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix tcx/netkit detach permissions when prog fd isn't given. This commit fixes a security issue where BPF_PROG_DETACH on tcx or netkit devices could be execute...

CVSS 7.3, AI score 5.8, EPSS 0.00133
Exploits: 0, References: 4

CVE
added 2026/02/16 12:25 p.m., 24 views

CVE-2025-14573

Mattermost advisory MMSA-2025-00561 describes a vulnerability in Mattermost versions 10.11.x ≤ 10.11.9 where invite permissions are not enforced when updating team settings. This allows team administrators lacking proper permissions to bypass restrictions and add users to their team via API reque...

CVSS 3.8, AI score 5.5, EPSS 0.00157
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2025/10/21 12:0 a.m., 4 views

Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2025-24729)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...

CVSS 7.2, AI score 7.3, EPSS 0.00721
Exploits: 2, References: 1

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-4621

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01825
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-11575

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01347
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-7530

Malware in sbrugna...

CVSS 9.1, AI score 9, EPSS 0.01908
Exploits: 0, References: 2

CNNVD
added 2025/05/07 12:0 a.m., 2 views

F5 F5OS Security Vulnerability

F5 F5OS is a proprietary operating system that runs on F5 Corporation's F5 devices to support its application delivery control and security features. A security vulnerability exists in F5 F5OS that stems from an administrator being able to bypass device mode restrictions...

CVSS 8.3, AI score 6.7, EPSS 0.00145
Exploits: 0, References: 1

CVE
added 2024/05/22 7:37 a.m., 73 views

CVE-2024-4157

CVE-2024-4157 covers a PHP Object Injection vulnerability in the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” All versions up to and including 5.1.15 are affected via deserialization in the extractDynamicValues function. Exploitation re...

CVSS 8.8, AI score 7.9, EPSS 0.00696
Exploits: 1, References: 2, Affected Software: 1

WPVulnDB
added 2024/05/22 12:0 a.m., 29 views

Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection

Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additiona...

CVSS 9.8, AI score 6.9, EPSS 0.02333
Exploits: 2, References: 1, Affected Software: 1

CNNVD
added 2023/10/20 12:0 a.m., 3 views

WordPress Plugin Brizy Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 8.1, AI score 6.6, EPSS 0.00425
Exploits: 1, References: 3

CNNVD
added 2023/06/29 12:0 a.m., 5 views

Veritas Technologies Veritas NetBackup Security Vulnerability

Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in the Veritas NetBackup Appliance prior to version 4.1.0.1 MR3, which stems from an insecure privilege setting that could allow an...

CVSS 7.2, AI score 7.4, EPSS 0.00624
Exploits: 0, References: 2

OSV
added 2022/10/25 5:15 p.m., 4 views

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

CVSS 7.2, AI score 6.1, EPSS 0.01307
Exploits: 2, References: 1

OSV
added 2022/09/14 11:15 a.m., 4 views

CVE-2022-37138

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to log in as Administrator after injecting username form...

CVSS 9.8, AI score 5.8, EPSS 0.00952
Exploits: 2, References: 2

Prion
added 2020/09/30 6:15 p.m., 14 views

Design/Logic Flaw

In Niushop B2B2C Multi-business basic version V1.11, an attacker can bypass the administrator to obtain the background upload interface and, through parameter upload, bypass the getimagesize function, upload a PHP file, and get a shell...

CVSS 7.5, AI score 9.3, EPSS 0.01347
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2018/06/14 12:0 a.m., 2 views

Trend Micro OfficeScan Unauthorized Change Prevention Bypass Vulnerability

Trend Micro OfficeScan is a suite of distributed anti-virus software from Trend Micro. A security vulnerability exists in Trend Micro OfficeScan version 11.0 SP1 and XG. An attacker with administrator privileges could exploit this vulnerability to bypass security protections that prevent...

CVSS 4.4, AI score 6.8, EPSS 0.01362
Exploits: 5, References: 1

Prion
added 2017/10/11 12:29 a.m., 14 views

Hardcoded credentials

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage...

CVSS 7.2, AI score 8.1, EPSS 0.00381
Exploits: 0, References: 2, Affected Software: 5

CNVD
added 2016/05/18 12:0 a.m., 3 views

Moodle Design Vulnerability (CNVD-2016-03325)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A design vulnerability exists in Moodle. An attacker can exploit the vulnerability to...

CVSS 6.5, AI score 6.8, EPSS 0.01282
Exploits: 0, References: 1

Prion
added 2016/01/17 5:59 a.m., 17 views

Design/Logic Flaw

Report Builder in IBM Jazz Reporting Service JRS 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors...

CVSS 4, AI score 6.4, EPSS 0.00887
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2015/01/15 12:0 a.m., 52 views

Microsoft Windows NtApphelpCacheControl Improper Authorization Check

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' class Metasploit3 'Microsoft Windows NtApphelpCacheControl Improper Authorization Check',...

CVSS 7.2, AI score 0.5, EPSS 0.13802
Exploits: 4

Packet Storm
added 2012/06/03 12:0 a.m., 18 views

Vanilla Forums 2.0.18.4 Tagging Stored Cross Site Scripting

Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post your XSS as tag. I used alert'xss' You will have to use a proxy /...

AI score 7.4
Exploits: 0