Lucene search
K

310 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-41431

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00519EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-47963

Malicious code in bioql PyPI...

9.8CVSS6.8AI score0.00586EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.6 views

mall 安全漏洞

mall is an e-commerce system for macro individual developers, including the front-end mall system and the back-end management system. A security vulnerability exists in mall version 1.0.3, which stems from an improperly restricted authentication attempt...

6.3CVSS5AI score0.00581EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/08/07 10:54 a.m.16 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.2 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

8.2CVSS6.9AI score0.00461EPSS
Exploits0References50
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.12 views

PT-2025-32218 · Unknown · Vedo Suite

Name of the Vulnerable Software and Affected Versions: Vedo Suite version 2024.17 Description: Vedo Suite 2024.17 is susceptible to an incorrect access control issue. This allows remote attackers to obtain a valid, high-privilege JWT JSON Web Token without authentication by sending an empty HTTP...

6.5CVSS6.8AI score0.00408EPSS
Exploits2References6
Hacker One
Hacker One
added 2025/07/29 10:38 p.m.13 views

Mars: SQLi at █████ parameter

A SQL injection vulnerability was discovered in an items endpoint that accepted unauthenticated POST requests without CSRF validation. The vulnerability allowed execution of arbitrary SQL commands and extraction of database metadata. Additional security issues included stored XSS through the...

6.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/07/25 8:10 p.m.12 views

HAX CMS API Lacks Authorization Checks

Summary The HAX CMS API endpoints do not perform authorization checks when interacting with a resource. Both the JS and PHP versions of the CMS do not verify that a user has permission to interact with a resource before performing a given operation. Details The API endpoints within the HAX CMS...

8.3CVSS6.9AI score0.0047EPSS
Exploits1References5Affected Software2
NVD
NVD
added 2025/07/20 11:15 a.m.13 views

CVE-2025-7882

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated...

3.1CVSS0.00291EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/12 9:25 a.m.13 views

CVE-2025-4972

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...

2.7CVSS5.9AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.3 views

PT-2025-28946 · Ruckus +2 · Smartzone +1

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ contains a hardcoded SSH private key for a root-equivalent user account. Recommendations: Update RUCKUS SmartZone SZ to version 6.1.2p3 Refresh Build...

9.8CVSS9AI score0.0072EPSS
Exploits0References9
NVD
NVD
added 2025/07/08 9:15 p.m.5 views

CVE-2025-7031

Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4...

5.3CVSS0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 3:2 p.m.11 views

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service...

4.9CVSS0.0065EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/07/07 2:29 a.m.21 views

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.8CVSS7.2AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/26 5:31 a.m.8 views

CVE-2025-2938 Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

3.1CVSS0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/24 8:10 p.m.11 views

CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface

Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

10CVSS0.00619EPSS
Exploits0References2
CVE
CVE
added 2025/06/05 1:20 p.m.62 views

CVE-2025-27754

CVE-2025-27754 : A stored XSS flaw affects RSBlog! component for Joomla, versions 1.11.6–1.14.4. The root cause is insufficient input cleanup, allowing an authenticated user to inject JavaScript into the plugin’s resource; the payload is stored and later executed when other users view the affecte...

6.5CVSS6.1AI score0.00186EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.13 views

CVE-2024-6026

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options and th...

6.1CVSS5.8AI score0.00375EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.6 views

CVE-2024-5639

The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.9 views

CVE-2024-10779

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'cetemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

5.3CVSS6.5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.16 views

CVE-2024-50634

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication...

8.8CVSS7.1AI score0.00429EPSS
Exploits1References1
Rows per page
Query Builder