
594 matches found

Cvelist
added 2025/10/28 9:46 p.m. | 15 views

CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVSS 10 | EPSS 0.44656 | Exploits 3 | References 1

OSV
added 2025/10/28 9:46 p.m. | 7 views

CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVSS 10 | AI score 6.7 | EPSS 0.44656 | Exploits 3 | References 3

CVE
added 2025/10/28 9:46 p.m. | 38 views

CVE-2025-64095

Summary (CVE-2025-64095) : DNN (DotNetNuke) versions before 10.1.1 are vulnerable to an unrestricted file upload due to the default HTML editor provider, allowing unauthenticated users to upload and overwrite files. This can enable website defacement and, when combined with other issues, potentia...

CVSS 10 | AI score 6.2 | EPSS 0.44656 | In wild | Exploits 3 | References 1 | Affected Software 1

Snyk
added 2025/10/28 9:41 p.m. | 3 views

Cross-site Scripting (XSS)

Overview privatebin/privatebin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attachmentname parameter when attachments are enabled. An attacker can cause arbitra...

CVSS 6.1 | AI score 5.3 | EPSS 0.00277 | Exploits 0 | References 2

Vulnrichment
added 2025/10/28 8:47 p.m. | 2 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

CVSS 5.8 | AI score 6.9 | EPSS 0.00277 | Exploits 0 | References 3

Cvelist
added 2025/10/28 8:47 p.m. | 14 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

CVSS 5.8 | EPSS 0.00277 | Exploits 0 | References 3

OSV
added 2025/10/28 8:47 p.m. | 5 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

CVSS 5.8 | AI score 7.3 | EPSS 0.00277 | Exploits 0 | References 5

Positive Technologies
added 2025/10/28 12:0 a.m. | 6 views

PT-2025-44221

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.1 Description DNN formerly DotNetNuke is an open-source web content management platform. The default HTML editor provider allows unauthenticated file uploads, enabling attackers to overwrite...

CVSS 10 | AI score 5.8 | EPSS 0.44656 | Exploits 3 | References 37

EUVD
added 2025/10/21 6:30 p.m. | 4 views

EUVD-2025-35187

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

CVSS 6.1 | AI score 5.4 | EPSS 0.00229 | Exploits 1 | References 3

OSV
added 2025/10/21 4:15 p.m. | 4 views

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

CVSS 6.1 | AI score 5.8 | EPSS 0.00229 | Exploits 1 | References 2

Cvelist
added 2025/10/21 12:0 a.m. | 13 views

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

EPSS 0.00229 | Exploits 1 | References 2

Vulnrichment
added 2025/10/21 12:0 a.m. | 4 views

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

AI score 5.5 | EPSS 0.00229 | Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0769

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00982 | Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-9280

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00724 | Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 12 views

EUVD-2021-29064

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00864 | Exploits 3 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-14835

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00231 | Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-24570

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.3 | EPSS 0.00715 | Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 22 views

EUVD-2022-2694

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.4 | EPSS 0.0125 | Exploits 1 | References 4

Cvelist
added 2025/09/22 4:14 p.m. | 15 views

CVE-2025-59412 CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator...

CVSS 5.4 | EPSS 0.0026 | Exploits 1 | References 3

Github Security Blog
added 2025/08/06 12:30 a.m. | 10 views

Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page

Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting XSS in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and if victim is an admi...

CVSS 4.8 | AI score 5.6 | EPSS 0.00304 | Exploits 0 | References 7 | Affected Software 1