Lucene search
K

60 matches found

Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.3 views

PT-2025-35904

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection vulnerability exists that allows an attacker to retrieve, create, update, and delete the database. This is possible through the data%5BPage%5D%5Bname%5D parameter in the...

9.8CVSS7.4AI score0.00353EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35905

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection flaw exists in appRain CMF version 4.0.5. This flaw allows an attacker to retrieve, create, update, and delete the database through the data%5BPage%5D%5Bname%5D parameter in the...

9.8CVSS7.3AI score0.00353EPSS
Exploits0References3
CVE
CVE
added 2025/08/21 3:36 p.m.35 views

CVE-2025-55742

CVE-2025-55742 concerns UnoPim, a Laravel-based open-source PIM. The vulnerability is a stored XSS in the user-creation endpoint (/admin/settings/users/create) caused by a SVG MIME/sanitizer bypass. It affects UnoPim versions before 0.2.1 and is fixed in 0.2.1. The issue arises from insufficient ...

8CVSS6.2AI score0.00345EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/08/17 11:42 p.m.2 views

Cross-site Scripting (XSS)

Overview express-gateway is an A microservices API gateway built on top of ExpressJS Affected versions of this package are vulnerable to Cross-site Scripting XSS due to a lack of input validation and output sanitization when handling user and application creation POST / and update PUT /:id...

5.1CVSS5.5AI score0.00233EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/11 9:31 p.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the create channel subscription endpoint, which fails to check the authorization of the user. An attacker can gain unauthorized access to create channel subscriptions by making API calls...

7.2CVSS7.1AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2025/08/11 6:57 p.m.36 views

CVE-2025-54458

Mattermost Confluence Plugin vulnerability CVE-2025-54458: versions = 1.5.0 or apply vendor-provided fix as available.

5CVSS7.1AI score0.00192EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.1 views

CVE-2025-54458 Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...

5CVSS7.1AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2025/04/20 1:15 a.m.8 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

5.3CVSS5.8AI score0.00379EPSS
Exploits1References4
OSV
OSV
added 2025/04/20 1:15 a.m.2 views

UBUNTU-CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

5.3CVSS5.8AI score0.00379EPSS
Exploits1References4
Snyk
Snyk
added 2025/03/20 10:46 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview polyaxon is a Command Line Interface CLI and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...

6.9CVSS7AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.4 views

Dcat Admin 安全漏洞

Dcat Admin is a second development based on laravel-admin to build the backend system tools . A cross-site scripting vulnerability exists in Dcat Admin v2.2.0-beta, which stems from the lack of effective filtering and escaping of user-supplied data in /admin/articles/create, and can be exploited ...

4.8CVSS6AI score0.00315EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.5 views

PT-2024-9415 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: Ollama versions 0.3.14 and earlier Description: The issue is related to the disclosure of system data to unauthorized individuals. It can be exploited by a remote attacker to cause a denial of service. The vulnerability allows file existence...

7.8CVSS9.2AI score0.04237EPSS
Exploits2References16
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.4 views

PT-2024-20126 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This issue can be exploited via the /cupseasylive/taxstructurelinecreate.ph...

8.2CVSS6.1AI score0.00437EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.7 views

PT-2024-20134 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A vulnerability has been reported in Cups Easy Purchase & Inventory whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via...

8.2CVSS6.1AI score0.00399EPSS
Exploits0References6
OSV
OSV
added 2023/07/22 4:15 p.m.4 views

CVE-2023-3832

A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic. Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to launch the...

6.1CVSS3.8AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2023/07/22 9:15 a.m.5 views

CVE-2023-3827

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads...

6.1CVSS3.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/22 12:0 a.m.4 views

PT-2023-26357 · Unknown · Bug Finder Wedding Wonders

Name of the Vulnerable Software and Affected Versions: Bug Finder Wedding Wonders version 1.0 Description: A vulnerability was found in the Ticket Handler component, specifically in the /user/ticket/create file, where an unknown function is affected. The manipulation of the message argument leads...

6.1CVSS4.1AI score0.00312EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/07/20 12:0 a.m.4 views

PT-2023-26189 · Unknown · Bug Finder Chaincity Real Estate Investment Platform

Name of the Vulnerable Software and Affected Versions: Bug Finder ChainCity Real Estate Investment Platform version 1.0 Description: A problematic vulnerability has been found in the New Ticket Handler component of the Bug Finder ChainCity Real Estate Investment Platform. The issue affects an...

6.1CVSS4.2AI score0.00312EPSS
Exploits0References5
OSV
OSV
added 2022/09/28 5:15 a.m.5 views

CVE-2022-3333

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...

5.4CVSS3.9AI score0.00415EPSS
Exploits1References2
CNVD
CNVD
added 2018/07/25 12:0 a.m.2 views

BageCMS Cross-Site Request Forgery Vulnerability

BageCMS is a cross-platform content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in the index.php?r=admini/admin/create URL in BageCMS version 3.1.3. A remote attacker can exploit the vulnerability to add a backend administrator account...

8.8CVSS8.8AI score0.00523EPSS
Exploits1References1
Rows per page
Query Builder