Lucene search
K

83 matches found

RedhatCVE
RedhatCVE
added 2026/05/08 2:20 a.m.18 views

CVE-2026-34429

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

5.4CVSS6.2AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 1:54 p.m.29 views

CVE-2026-34429 Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

5.4CVSS0.00281EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:54 p.m.2 views

CVE-2026-34429

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

5.4CVSS6.2AI score0.00281EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/01/17 12:25 a.m.5 views

SUSE CVE-2026-21483

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user Super Admin views or previews this content, the...

6.4CVSS6.2AI score0.00198EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.9 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...

9.8CVSS6.9AI score0.01016EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 9:16 p.m.5 views

CVE-2026-21483

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user Super Admin views or previews this content, the...

6.4CVSS0.00198EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/16 5:44 p.m.6 views

Improper Authorization

Overview potsky/pimp-my-log is a Log viewer for your web server. Affected versions of this package are vulnerable to Improper Authorization via the Account Creation Endpoint. An attacker can gain unauthorized administrative access and execute arbitrary JavaScript by exploiting the unsanitized...

9.8CVSS7.1AI score0.00567EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-16107

Malware in sbrugna...

9.8CVSS9.2AI score0.01277EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-11012

Malware in sbrugna...

10CVSS9.2AI score0.03653EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-2973

Malware in sbrugna...

10CVSS9.5AI score0.01405EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-2970

Malware in sbrugna...

10CVSS9.5AI score0.01566EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-17180

Malware in sbrugna...

10CVSS9.5AI score0.02016EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52794

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01016EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/10/01 11:10 p.m.6 views

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

...

7.5CVSS7AI score0.01702EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:28 a.m.7 views

CVE-2019-20467

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available which is not advertised or functionally used, but is nevertheless available. Two backdoor accounts root and default exist that can be used on this...

10CVSS7.2AI score0.03653EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/11/26 12:0 a.m.5 views

Korenix JetNet Use of Hard-coded Credentials (CVE-2020-12501)

Improper Authorization vulnerability of Korenix JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4510, JetNet 5310, JetNet 4706, JetNet 5428G, JetNet 6095, JetNet 4706 use undocumented accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

9.8CVSS8.4AI score0.03298EPSS
Exploits7References15
OSV
OSV
added 2023/01/30 11:15 p.m.3 views

CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...

8.1CVSS5.8AI score
Exploits0References1
Talos Blog
Talos Blog
added 2022/08/10 7:30 p.m.28 views

Cisco Talos shares insights related to recent cyber attack on Cisco

Update History Date | Description of Updates ---|--- Aug. 10th 2022| Adding clarifying details on activity involving active directory. Aug. 10th 2022| Update made to the Cisco Response and Recommendations section related to MFA. Executive summary On May 24, 2022, Cisco became aware of a potential...

1.6AI score
Exploits0
OSV
OSV
added 2022/07/17 11:15 p.m.6 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...

9.8CVSS5.8AI score0.01016EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/17 11:15 p.m.5 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...

9.8CVSS7.3AI score0.01016EPSS
Exploits1References2
Rows per page
Query Builder