Lucene search
+L

2470 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45824

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk affected versions not specified Description A denial-of-service issue exists where exploitation could cause the server to crash due to insufficient memory. Recommendations At the moment, there is no information about a...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.10 views

Cisco Desk Phone 9841 and 9851 Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Desk Phone 9841 and 9851 are affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Desk Phone 9841 and 9851 due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

8.1CVSS7.6AI score0.99506EPSS
Exploits69References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/01 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

9.8CVSS6AI score0.58447EPSS
In wildExploits2References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

SpringBlade 跨站脚本漏洞

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a cross-site scripting vulnerability. This vulnerability stems from the /api/blade-desk/notice/submit endpoint, where a stored cross-site script exists. This could allow attackers t...

6.1CVSS5.9AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 12:0 a.m.16 views

CVE-2026-36763

The CVE-2026-36763 entry describes a stored XSS in SpringBlade v4.8.0, exploitable via the /api/blade-desk/notice/submit endpoint by injecting crafted input into the content parameter. The NVD entry confirms the issue and lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, lo...

6.1CVSS5.3AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.11 views

PT-2026-36152

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.3AI score0.00187EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 a.m.4 views

CVE-2025-67223

The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

5.3AI score0.00631EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 12:0 a.m.31 views

CVE-2025-67223

The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

0.00631EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

Aranda Service Desk 安全漏洞

Aranda Service Desk is an IT service management and helpdesk system provided by the American company Aranda. Versions of Aranda Service Desk prior to 8.3.12 contained security vulnerabilities. These vulnerabilities stemmed from the Aranda File Server component storing daily activity logs in a...

7.5CVSS5.8AI score0.00631EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 12:0 a.m.10 views

CVE-2025-67223

The CVE concerns the Aranda File Server (AFS) component in Aranda Software Aranda Service Desk prior to 8.3.12. It stores daily activity logs with predictable names in a publicly accessible directory, enabling unauthenticated remote attackers to obtain direct virtual paths to uploaded files and b...

7.5CVSS5.3AI score0.00631EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.9 views

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

5.4CVSS5.5AI score0.00193EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.11 views

BrowserTools MCP 命令注入漏洞

BrowserTools MCP is an open-source browser monitoring and AI interaction tool developed by AgentDeskAI. Versions of BrowserTools MCP 1.2.0 and earlier contained a command injection vulnerability, which stemmed from the os command injection present in the browser-tools-server/browser-connector.ts...

7.5CVSS7.1AI score0.01707EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:32 p.m.4 views

EUVD-2026-25088

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

4.6CVSS5.9AI score0.00193EPSS
Exploits1References3
NVD
NVD
added 2026/04/22 9:17 p.m.10 views

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

5.4CVSS0.00193EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 7:52 p.m.15 views

CVE-2026-3837

CVE-2026-3837 – Frappe Framework 16.10.0 : An authenticated attacker can store crafted values in multiple field formatters and cause client-side script execution when another user opens the affected document in Desk. The issue arises because the vulnerable formatters interpolate stored values int...

5.4CVSS5.9AI score0.00193EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/22 7:52 p.m.34 views

CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

4.6CVSS0.00193EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 7:52 p.m.5 views

CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

4.6CVSS6.1AI score0.00193EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34557

Name of the Vulnerable Software and Affected Versions Frappe version 16.10.0 Description An authenticated attacker can persist crafted values in multiple field types to trigger client-side script execution when another user opens the affected document in Desk. This occurs because vulnerable...

5.4CVSS5.9AI score0.00193EPSS
Exploits1References7
NVD
NVD
added 2026/04/21 5:16 p.m.7 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 4:48 p.m.6 views

EUVD-2026-24173

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Rows per page
Query Builder