2870 matches found

CNNVD
added 2026/04/23 12:0 a.m., 9 views

JIZHICMS security vulnerability

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from the product’s editing module being vulnerable to SQL injection attacks...

CVSS 9.8, AI score 5.9, EPSS 0.00359
Exploits 1, References 2
Cvelist
added 2026/04/23 12:0 a.m., 30 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

EPSS 0.00359
Exploits 1, References 4
CNNVD
added 2026/04/23 12:0 a.m., 13 views

LangSmith Client SDKs information disclosure vulnerability

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. LangSmith Client SDKs have a vulnerability related to information leakage, which stems from the fact that output editing controls do not apply to streaming token events, potentially leading to sensitive LLM outputs being...

CVSS 5.3, AI score 5.8, EPSS 0.00214
Exploits 0, References 1
Positive Technologies
added 2026/04/23 12:0 a.m., 10 views

PT-2026-34666

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

AI score 5.8, EPSS 0.00359
Exploits 1, References 5
Vulnrichment
added 2026/04/23 12:0 a.m., 5 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

AI score 5.5, EPSS 0.00359
Exploits 1, References 4
RedhatCVE
added 2026/04/21 7:23 p.m., 7 views

CVE-2026-23753

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...

CVSS 4.8, AI score 5.7, EPSS 0.00151
Exploits 0, References 1
NVD
added 2026/04/21 5:16 p.m., 6 views

CVE-2026-41189

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

CVSS 7.1, EPSS 0.00223
Exploits 0, References 3
ATTACKERKB
added 2026/04/21 5:4 p.m., 3 views

CVE-2026-41189

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

CVSS 7.1, AI score 5.8, EPSS 0.00223
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2026/04/21 5:4 p.m., 3 views

CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

CVSS 7.1, AI score 5.8, EPSS 0.00223
Exploits 0, References 3
OSV
added 2026/04/21 3:32 p.m., 4 views

GHSA-676V-WH57-P375 Dolibarr Allows Code Injection through its Website Module

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVSS 8.8, AI score 5.9, EPSS 0.00289
Exploits 0, References 6
NVD
added 2026/04/21 3:16 p.m., 5 views

CVE-2026-31018

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVSS 8.8, EPSS 0.00289
Exploits 0, References 1
Positive Technologies
added 2026/04/21 12:0 a.m., 11 views

PT-2026-34029

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

CVSS 7.1, AI score 5.8, EPSS 0.00223
Exploits 0, References 5
Cvelist
added 2026/04/21 12:0 a.m., 42 views

CVE-2026-31018

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

EPSS 0.00289
Exploits 0, References 1
CVE
added 2026/04/21 12:0 a.m., 12 views

CVE-2026-31018

In Dolibarr ERP & CRM <= 22.0.4, the Website module’s PHP code detection and editing permission enforcement is not consistently applied to all input parameters. This allows an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website ...

CVSS 8.8, AI score 5.8, EPSS 0.00289
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2026/04/21 12:0 a.m., 5 views

CVE-2026-31018

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVSS 8.8, AI score 5.8, EPSS 0.00289
Exploits 0, References 3
OSSF Malicious Packages
added 2026/04/20 6:32 a.m., 9 views

Malicious code in @tushar-br/editing-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a4d5659346f95e443d4a8b6883c51f081de5eb6989f8f6731327eb34ed9c64 The package @tushar-br/editing-pack was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits 0, References 1
OSV
added 2026/04/20 6:32 a.m., 5 views

MAL-2026-2936 Malicious code in @tushar-br/editing-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a4d5659346f95e443d4a8b6883c51f081de5eb6989f8f6731327eb34ed9c64 The package @tushar-br/editing-pack was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits 0, References 1
Positive Technologies
added 2026/04/20 12:0 a.m., 12 views

PT-2026-33820

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVSS 4.8, AI score 5.8, EPSS 0.00151
Exploits 0, References 5
Positive Technologies
added 2026/04/19 12:0 a.m., 6 views

PT-2026-33652

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete api key/edit api key of the file superagi/controllers/api key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be...

CVSS 5.5, AI score 5.4, EPSS 0.003
Exploits 0, References 5
Fedora
added 2026/04/16 11:42 p.m., 6 views

[SECURITY] Fedora 44 Update: kf6-ktextwidgets-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 addon with advanced text editing widgets...

AI score 5.8
Exploits 0