Lucene search
K

431 matches found

Vulnrichment
Vulnrichment
โ€ขadded 2025/06/04 7:59 p.m.โ€ข10 views

CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the attribute, which leads to cross-site scripting XSS by loading an attacker's UserJS inside . In order to execute the attack, the attacker needs to control one of the victim's feeds and...

6.7CVSS6.7AI score0.00387EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2025/05/29 9:15 a.m.โ€ข34 views

CVE-2025-4687

In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account a...

7.2CVSS0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/23 10:31 a.m.โ€ข10 views

CVE-2024-43411

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS6.6AI score0.004EPSS
Exploits0
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/23 7:20 a.m.โ€ข9 views

CVE-2024-8878

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05...

10CVSS7.2AI score0.01265EPSS
Exploits2References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/23 4:17 a.m.โ€ข8 views

CVE-2023-41718

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...

7.8CVSS6.9AI score0.00452EPSS
Exploits0
Packet Storm
Packet Storm
โ€ขadded 2025/05/23 12:0 a.m.โ€ข89 views

๐Ÿ“„ ABB Cylon Aspect 3.08.03 Time Manipulation

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 9:57 p.m.โ€ข11 views

CVE-2022-43416

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...

8.8CVSS6.7AI score0.01088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 5:2 p.m.โ€ข6 views

CVE-2020-28998

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password...

10CVSS7.1AI score0.02844EPSS
Exploits0
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 4:13 a.m.โ€ข16 views

CVE-2019-10388

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

4.3CVSS6.7AI score0.00636EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 4:10 a.m.โ€ข10 views

CVE-2019-0355

SAP NetWeaver Application Server Java Web Container, ENGINEAPI before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP-JEECOR before versions 6.40, 7.0, 7.01, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the...

7.2CVSS7AI score0.01562EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2025/05/13 12:0 a.m.โ€ข5 views

PT-2025-20837 ยท WordPress ยท Frontend Dashboard

Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress versions 1.0 through 2.2.7 Description: The issue is related to a missing capability check in the ajax request function, allowing authenticated attackers with Subscriber-level access or higher to contro...

8.8CVSS9.1AI score0.00383EPSS
Exploits0References11
Vulnrichment
Vulnrichment
โ€ขadded 2025/05/12 12:0 a.m.โ€ข7 views

CVE-2025-45835

A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENTLENGTH, causing the program to crash and...

6.7AI score0.00403EPSS
Exploits1References1
Veracode
Veracode
โ€ขadded 2025/05/06 6:32 a.m.โ€ข8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

snowflake.data is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. The vulnerability is due to improper verification of the file owner when reading a user-provided logging configuration file on Linux and macOS, allowing a local attacker to overwrite the configuration and contro...

7CVSS6.4AI score0.00135EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
โ€ขadded 2025/04/30 12:0 a.m.โ€ข2 views

Volcano ๅฎ‰ๅ…จๆผๆดž

Volcano is a batch processing system built on Kubernetes by Volcano Open Source. A security vulnerability exists in Volcano versions prior to 1.11.2, which stems from a service or plugin being under the control of an attacker and could lead to a denial of service and elevation of privilege...

8.2CVSS6.4AI score0.00396EPSS
Exploits0References6
Github Security Blog
Github Security Blog
โ€ขadded 2025/04/14 5:47 p.m.โ€ข40 views

Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR

Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. Details: The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customiz...

9.9CVSS7.3AI score0.00671EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/04/10 12:0 a.m.โ€ข11 views

MongoDB Shell < 2.3.9 Control Character Injection (MONGOSH-2024, MONGOSH-2025, MONGOSH-2026)

The version of MongoDB Shell installed on the remote host is prior to 2.3.9. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2024, MONGOSH-2025, MONGOSH-2026 advisories. - The MongoDB Shell may be susceptible to control character injection where an attacker with control...

8.8CVSS6AI score0.00287EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2025/03/28 12:54 p.m.โ€ข4 views

Malicious code in paypal-url-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eee5e504dfd1a8b2c6e07c8e238a743be5b370d288b12b38eb37e16d82051ae9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
โ€ขadded 2025/03/15 2:15 a.m.โ€ข21 views

CVE-2025-27913

Passbolt API before 5, if the server is misconfigured with an incorrect installation process and disregarding of Health Check results, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...

7.5CVSS6.9AI score0.00172EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2025/03/12 4:15 p.m.โ€ข36 views

CVE-2025-20141

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability ...

7.4CVSS0.00227EPSS
Exploits0References2
CNVD
CNVD
โ€ขadded 2025/03/07 12:0 a.m.โ€ข2 views

Ubiquiti UniFi Protect Cameras Firmware Update Insufficient Authentication Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a Firmware Update Validation Insufficiency vulnerabilit...

6.8CVSS7.2AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder