Lucene search

515 matches found

ATTACKERKB
added 2026/02/11 8:26 a.m. | 4 views

CVE-2025-15440

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | AI score 5.7 | EPSS 0.00377
Exploits: 0 | References: 10
Cvelist
added 2026/02/11 8:26 a.m. | 28 views

CVE-2025-15440 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | EPSS 0.00377
Exploits: 0 | References: 9
CNNVD
added 2026/02/11 12:0 a.m. | 10 views

WordPress plugin iONE360 configurator cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.2 | AI score 5.7 | EPSS 0.00377
Exploits: 0 | References: 10
Cvelist
added 2026/02/02 2:8 p.m. | 23 views

CVE-2022-50976 Innomic VibroLine Configurator and avibia Configurator allow unintended device reset via USB

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB...

CVSS 7.7 | EPSS 0.00138
Exploits: 0 | References: 2
CVE
added 2026/02/02 2:8 p.m. | 11 views

CVE-2022-50976

CVE-2022-50976 affects Innomic VibroLine Configurator and avibia Configurator. A local attacker can trigger a full device reset by resetting device passwords with an invalid reset file over USB, per Red Hat/NVD/CVE records. The vulnerability is local, requires no user interaction, and can impact ...

CVSS 7.7 | AI score 5.4 | EPSS 0.00138
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/21 10:25 p.m. | 4 views

CVE-2026-21972

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVSS 5.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 1
NCSC
added 2026/01/21 9:29 a.m. | 8 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite. The vulnerabilities are in several components of Oracle E-Business Suite, including Scripting, Workflow, Applications DBA and Configurator. These vulnerabilities can be exploited by unauthenticated or highly privileged attackers, leadin...

CVSS 9.3 | AI score 7.6 | EPSS 0.01495
Exploits: 1 | References: 1
EUVD
added 2026/01/21 12:31 a.m. | 8 views

EUVD-2026-3540

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVSS 5.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 2
NVD
added 2026/01/20 10:16 p.m. | 12 views

CVE-2026-21972

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVSS 5.3 | EPSS 0.00219
Exploits: 0 | References: 1
OSV
added 2026/01/20 10:16 p.m. | 3 views

CVE-2026-21972

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVSS 5.3 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/20 9:56 p.m. | 3 views

CVE-2026-21972

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVSS 5.3 | AI score 7.1 | EPSS 0.00219
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/01/20 12:0 a.m. | 7 views

Oracle E-Business Suite security vulnerabilities

Oracle E-Business Suite is a comprehensive and integrated global business management software developed by Oracle, a company based in the United States. This software offers features such as customer relationship management, service management, and financial management. There are security...

CVSS 5.3 | AI score 7.1 | EPSS 0.00219
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/20 12:0 a.m. | 6 views

PT-2026-3719

Name of the Vulnerable Software and Affected Versions: Oracle Configurator versions 12.2.3 through 12.2.15. Description: An easily exploitable issue exists in the User Interface component of Oracle Configurator within Oracle E-Business Suite. An unauthenticated attacker with network access via HTTP...

CVSS 5.3 | AI score 7.3 | EPSS 0.00219
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 12:40 p.m. | 10 views

CVE-2023-43986

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken...

CVSS 9.8 | AI score 8.3 | EPSS 0.00518
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:58 a.m. | 6 views

CVE-2020-7474

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator v1.002 and prior, for the PMEPXM0100 H module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL...

CVSS 7.8 | AI score 7.1 | EPSS 0.0043
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:52 a.m. | 5 views

CVE-2021-2078

Vulnerability in the Oracle Configurator product of Oracle Supply Chain component: UI Servlet. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attack...

CVSS 8.2 | AI score 6.5 | EPSS 0.01255
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:41 a.m. | 12 views

CVE-2022-0556

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator ZAC version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator...

CVSS 7.8 | AI score 7.7 | EPSS 0.00343
Exploits: 0 | References: 1
Snyk
added 2025/12/19 4:9 p.m. | 4 views

Malicious Package

Overview: configurator-framework is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2025/12/09 4:40 a.m. | 8 views

Malicious code in configurator-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1415a36eca30ec625b99386cebfc5f9538d73854984673a1f6827c6f7db1ddac The package configurator-framework was found to contain malicious code. Source: ghsa-malware...

AI score 7
Exploits: 0 | References: 1
EUVD
added 2025/12/09 4:40 a.m. | 6 views

EUVD-2025-201878

Malicious code in configurator-framework npm...

AI score 6.6
Exploits: 0