Lucene search
+L

143 matches found

Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.8 views

PT-2025-4997 · Quotemedia · Quotemedia Tools

Name of the Vulnerable Software and Affected Versions: QuoteMedia Tools versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This is a type of Cross-site Scripting attack. Recommendations: For...

6.5CVSS9.1AI score0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/29 12:0 a.m.5 views

PT-2025-3480 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 REVB version 2.03 Description: The issue concerns an OS command injection vulnerability in the CGl interface apc client pin.cgi, which allows remote attackers to execute arbitrary commands via the wps pin parameter passed to th...

9.8CVSS9.9AI score0.01132EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.17 views

SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2024:4360-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4360-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: -...

9.9CVSS7AI score0.16496EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.13 views

PT-2024-20715 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 Description: The issue is related to a Cross Site Scripting XSS vulnerability due to improper validation of column headings in Cognos...

6.1CVSS8.1AI score0.00273EPSS
Exploits0References5
OSV
OSV
added 2024/11/27 6:20 p.m.7 views

CVE-2024-41126 Out-of-bounds read when decoding SNMP messages in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...

8.3CVSS7.1AI score0.00286EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/25 7:19 p.m.25 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS6.7AI score0.00469EPSS
Exploits0References2
OSV
OSV
added 2024/11/25 7:19 p.m.16 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS6.6AI score0.00469EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.3 views

PT-2024-34962 · Opencart · Opencart Product Display

Name of the Vulnerable Software and Affected Versions: Ajinkya N OpenCart Product Display versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious script...

6.5CVSS5.9AI score0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.9 views

PT-2024-16857 · Sourcecodester · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the Inventory Page component, specifically in the file /oews/classes/Master.php?f=save product. The manipulation of the brand argument leads to...

5.4CVSS4.2AI score0.00454EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.4 views

PT-2024-34834 · Fraudlabs Pro · Fraudlabs Pro Sms Verification

Name of the Vulnerable Software and Affected Versions: FraudLabs Pro SMS Verification versions 1.10.1 and earlier Description: A Cross-Site Request Forgery CSRF issue exists in FraudLabs Pro SMS Verification, allowing Stored XSS. Recommendations: For versions 1.10.1 and earlier, update to a versi...

7.1CVSS7.2AI score0.00152EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.9 views

PT-2024-34254 · Unknown · Swoop 1-Click Login: Passwordless Authentication

Name of the Vulnerable Software and Affected Versions: Swoop 1-Click Login: Passwordless Authentication version 1.4.5 Description: The issue is related to an Authentication Bypass by Primary Weakness vulnerability in the Passwordless Authentication feature. This vulnerability allows for...

9.8CVSS6.7AI score0.01092EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.9 views

PT-2024-6441

Name of the Vulnerable Software and Affected Versions CUPS versions 2.x cups-filters versions up to 2.0.1 Description The issue is related to the FoomaticRIPCommandLine function in the CUPS printing system, which allows remote command execution via a PPD file. This can be exploited when combined...

9CVSS7.4AI score
Exploits6References128
Positive Technologies
Positive Technologies
added 2024/09/21 12:0 a.m.8 views

PT-2024-39409 · Stirling Tools · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-Tools Stirling-PDF versions up to 0.28.3 Description: A vulnerability was found in the Markdown-to-PDF component of Stirling-Tools Stirling-PDF, leading to cross-site scripting. The attack can be initiated remotely, with a rather hig...

5.4CVSS6.7AI score0.00409EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/09/20 12:0 a.m.7 views

PT-2024-32092 · Enms · Enms

Name of the Vulnerable Software and Affected Versions: eNMS versions 4.4.0 through 4.7.1 Description: The issue is related to a Directory Traversal vulnerability. This vulnerability can be exploited through the upload files feature, allowing unauthorized access to sensitive files and directories...

6.5CVSS7AI score0.00818EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.5 views

PT-2024-37770 · WordPress · Wp Hardening – Fix Your Wordpress Security

Name of the Vulnerable Software and Affected Versions: The WP Hardening – Fix Your WordPress Security plugin versions up to, and including, 1.2.6 Description: The issue is due to the use of an incorrect regular expression within the "Stop User Enumeration" feature, making it possible for...

5.3CVSS7.3AI score0.00381EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/14 12:0 a.m.6 views

PT-2024-39281

Name of the Vulnerable Software and Affected Versions: aimhubio aim versions up to 3.24 Description: A problematic issue was found in the dangerouslySetInnerHTML function of the textbox.tsx file in the Text Explorer component. The manipulation of the query argument leads to cross-site scripting. ...

5.4CVSS4.4AI score0.0047EPSS
Exploits1References16
OSV
OSV
added 2024/07/08 1:15 a.m.5 views

CVE-2024-39723

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...

4.6CVSS5.7AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/06 12:0 a.m.6 views

PT-2024-28932 · Mediawiki · Mediawiki Checkuser Extension

Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1 Description: The Special:Investigate feature can expose suppressed information for log events due to the TimelineService not supporting proper suppression. Recommendations: For versions...

4.3CVSS7AI score0.00332EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.5 views

PT-2024-3960

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 Description The issue is related to a stored XSS in the Commit status publisher, which can be exploited by a remote attacker to conduct cross-site...

5.5CVSS5.8AI score0.00255EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.6 views

PT-2024-13799 · Nocodb · Nocodb

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.9 Description: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of ur...

7.3CVSS5.9AI score0.00606EPSS
Exploits1References8
Rows per page
Query Builder