Lucene search
K

26 matches found

OSV
OSV
added 2026/04/07 6:17 p.m.3 views

CVE-2026-39345 OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

4.6CVSS6AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/06 6:32 p.m.6 views

EUVD-2025-38048

Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through = 28.0.0...

4.3CVSS6.3AI score0.00114EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/06 3:56 p.m.11 views

CVE-2025-62950 WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through = 28.0.0...

4.3CVSS0.00114EPSS
Exploits0References1
Chainguard
Chainguard
added 2025/08/23 2:16 p.m.6 views

CVE-2021-35561 vulnerabilities

Vulnerabilities for packages: openjdk-21-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-8-openj9...

5.3CVSS6.6AI score0.06468EPSS
Exploits0
HPE Security Bulletins
HPE Security Bulletins
added 2025/04/08 12:0 a.m.3 views

HPESBNW04845 rev.1 - HPE Aruba Networking AOS-10 and AOS-8 Mobility Conductor, Controllers, and Gateways - Multiple Vulnerabilities

Potential Security Impact: Remote: Arbitrary Code Execution, Arbitrary Command Execution, Arbitrary File Download, Arbitrary File Modification, Cross-Site Scripting XSS, Unauthorized Arbitrary Command Execution SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba 7000 Series...

7.2CVSS6.2AI score0.01115EPSS
Exploits0
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.4 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.7.x through 9.7.5, 9.8.x through 9.8.2, and 9.9.x through 9.9.2, which stems from an inability to properly propagate privilege scheme updates...

4.6CVSS6.7AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Google Android 安全漏洞

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in Framework in Google Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1, which can be exploited by an attacker to elevate...

7.8CVSS7AI score0.00074EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.5 views

PT-2024-24990 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.9.x through 9.9.1 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises when shared channels are enabled in Mattermost,...

5.3CVSS6.9AI score0.0022EPSS
Exploits0References10
OSV
OSV
added 2024/08/12 1:38 p.m.6 views

CVE-2024-21876

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability via a URL parameter in Enphase IQ Gateway formerly known as Envoy allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and 8.2.4225...

9.1CVSS5.8AI score0.00796EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/03/17 7:29 p.m.145 views

Exploit for Improper Input Validation in Adobe Commerce

CVE-2022-24682 PoC How does this detection method work?...

10CVSS6.9AI score0.99199EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.6 views

PT-2023-32093 · Unknown +2 · Otrs Community Edition +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...

9.8CVSS5.5AI score0.01273EPSS
Exploits0References30
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build problem analysis reports. A security vulnerability exists in JetBrains TeamCit...

6.5CVSS6.5AI score0.00615EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/22 12:0 a.m.30 views

VMware vRealize Orchestrator 代码问题漏洞

VMware vRealize Orchestrator is a workflow automation solution from VMware. It is designed to simplify the automation of complex IT tasks. A security vulnerability exists in VMware vRealize Orchestrator that originated when a malicious actor with unmanaged access to vRealize Orchestrator was able...

8.8CVSS8.2AI score0.01265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-2990

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors...

9.3CVSS8AI score0.6845EPSS
Exploits5References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.6 views

SUSE CVE-2015-8080

Integer overflow in the getnum function in luastruct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service memory corruption and application crash or possibly bypass intended sandbox...

7.5CVSS7.8AI score0.05362EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.4 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

9.3CVSS7.3AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2022/07/12 10:15 a.m.7 views

CVE-2022-34467

A vulnerability has been identified in Mendix Excel Importer Module Mendix 8 compatible All versions V9.2.2, Mendix Excel Importer Module Mendix 9 compatible All versions V10.1.2. The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the...

6.5CVSS5.7AI score0.00718EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.12 views

PT-2022-3547 · Mendix · Mendix

Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 7 versions prior to 7.23.27 Mendix Applications using Mendix 8 versions prior to 8.18.14 Mendix Applications using Mendix 9 versions prior to 9.12.0 Mendix Applications using Mendix 9 V9.6 versions prior to...

6.5CVSS6AI score0.00649EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/11/09 12:15 p.m.4 views

CVE-2021-42025

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...

6.8CVSS6.5AI score0.00565EPSS
Exploits0References2
OSV
OSV
added 2021/07/06 9:15 p.m.3 views

UBUNTU-CVE-2021-22229

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...

7.5CVSS7AI score0.01084EPSS
Exploits0References4
Rows per page
Query Builder