Lucene search
+L

227 matches found

OSV
OSV
added 2025/05/11 1:15 a.m.6 views

CVE-2025-4526

A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted ear...

5.5CVSS4.9AI score0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/11 1:0 a.m.9 views

CVE-2025-4526 Dígitro NGC Explorer Configuration missing password field masking

A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...

5.3CVSS5.5AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/11 1:0 a.m.23 views

CVE-2025-4526 Dígitro NGC Explorer Configuration missing password field masking

A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...

5.3CVSS0.00241EPSS
Exploits0References5
CVE
CVE
added 2025/05/11 1:0 a.m.54 views

CVE-2025-4526

CVE-2025-4526 affects Dígitro NGC Explorer 3.44.15, specifically the Configuration Page. The issue is that the password field is not masked, exposing passwords in the UI. The vulnerability can be initiated remotely, per multiple sources, with vendor contact noted but no response. Impact is descri...

5.5CVSS5.5AI score0.00241EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/11 12:0 a.m.14 views

PT-2025-20647 · Unknown · Dígitro Ngc Explorer

Name of the Vulnerable Software and Affected Versions: Dígitro NGC Explorer version 3.44.15 Description: A problematic issue was found in the Configuration Page component, leading to missing password field masking. This issue can be initiated remotely. The vendor was contacted about this disclosu...

5.3CVSS4.4AI score0.00241EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.4 views

Wiesemann & Theis Web-IO 跨站脚本漏洞

Wiesemann & Theis Web-IO is a Wiesemann & Theis component for small to medium-sized remote IO and monitoring applications over TCP/IP Ethernet. A cross-site scripting vulnerability exists in Wiesemann & Theis Web-IO that originates from a configuration web page where multiple fields can be inject...

5.4CVSS6.2AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2025/05/02 4:15 p.m.2 views

UBUNTU-CVE-2023-53120

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device count=1...

5.5CVSS6.3AI score0.00163EPSS
Exploits0References6
OSV
OSV
added 2025/04/03 2:11 p.m.8 views

BIT-JOOMLA-2020-35611 [20201102] - Core - Disclosure of secrets in Global Configuration page

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values...

7.5CVSS7.4AI score0.01305EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/30 9:18 a.m.14 views

CVE-2025-27574

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...

3.6CVSS6.9AI score0.00189EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 9:15 a.m.7 views

CVE-2025-27567

Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from t...

5.4CVSS0.00247EPSS
Exploits0References2
CVE
CVE
added 2025/03/28 8:18 a.m.51 views

CVE-2025-27574

CVE-2025-27574: A stored cross-site scripting (XSS) flaw in the USB storage file-sharing function affects HGW-BL1500HM versions 002.002.003 and earlier. Exploitation could cause arbitrary script execution in the web browser of the user interfacing with the configuration page or LAN-accessible UI....

3.6CVSS8.2AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/28 8:18 a.m.8 views

CVE-2025-27574

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...

3.6CVSS6.8AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2025/03/28 8:17 a.m.56 views

CVE-2025-27567

HGW-BL1500HM (KDDI) contains a stored cross-site scripting (CWE-79) vulnerability in the NickName registration screen for Ver 002.002.003 and earlier. If exploited, an arbitrary script may be executed in the web browser of the user using the configuration page or functions accessible from the LAN...

5.4CVSS8.2AI score0.00247EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.4 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from mishandling of an exception that results in the disclosure of credentials on the cloud...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/06 4:21 a.m.5 views

CVE-2021-4360

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access...

9.9CVSS6.7AI score0.01153EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/02/05 6:15 p.m.4 views

CVE-2025-24320

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156...

8CVSS6.2AI score0.00582EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/01/11 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a SCSI mpi3mr driver that may result in a corrupted configuration page when the PHY is quickly...

5.5CVSS6.5AI score0.00176EPSS
Exploits0References4
NVD
NVD
added 2024/11/20 9:15 p.m.20 views

CVE-2024-52701

A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

5.4CVSS0.00247EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/20 12:0 a.m.15 views

CVE-2024-52701

A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

5.4AI score0.00247EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.6 views

PT-2024-35414 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo version 14.5.0 Description: A stored cross-site scripting XSS issue in the Configuration page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter. This could potential...

5.4CVSS6.1AI score0.00247EPSS
Exploits1References6
Rows per page
Query Builder