93 matches found

OSV
added 2025/09/29 9:15 a.m. · 4 views

CVE-2025-10341

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

CVSS 6.1 · AI score 5.8 · EPSS 0.00221
Exploits: 0 · References: 1

CNNVD
added 2025/09/04 12:00 a.m. · 3 views

appRain CMF cross-site scripting vulnerability

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/bootstrap endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

CVSS 5.4 · AI score 6.2 · EPSS 0.00162
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/04 12:00 a.m. · 5 views

PT-2025-35913

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is present in the /apprain/information/manage/emailtemplate/add...

CVSS 5.4 · AI score 5.3 · EPSS 0.00162
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/27 9:24 p.m. · 1 view

CVE-2025-34163 Dongsheng Logistics Software Unauthenticated Arbitrary File Upload

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

CVSS 10 · AI score 6.6 · EPSS 0.0061
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/25 11:32 p.m. · 2 views

CVE-2025-9429 mtons mblog Post submit cross site scripting

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.1 · AI score 3.8 · EPSS 0.00234
Exploits: 1 · References: 6

RedhatCVE
added 2025/08/23 8:09 a.m. · 9 views

CVE-2025-53971

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications, which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

CVSS 3.8 · AI score 7.2 · EPSS 0.00189
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/16 7:24 p.m. · 8 views

CVE-2025-8976

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVSS 5.4 · AI score 6.7 · EPSS 0.00256
Exploits: 1 · References: 1

NVD
added 2025/08/12 9:15 p.m. · 7 views

CVE-2025-55171

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacaoremover.php, allowing an anonymous attacker without login to delete any image files at endpoin...

CVSS 7.5 · EPSS 0.00591
Exploits: 0 · References: 3

NVD
added 2025/08/12 7:15 p.m. · 5 views

CVE-2025-55168

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicarmedicamento.php endpoint, specifically in the idfichamedica parameter. This vulnerability allows...

CVSS 9.8 · EPSS 0.00379
Exploits: 1 · References: 3

NVD
added 2025/08/11 10:15 p.m. · 21 views

CVE-2025-55150

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...

CVSS 9.8 · EPSS 0.01587
Exploits: 0 · References: 2

CVE
added 2025/08/10 2:32 a.m. · 33 views

CVE-2025-8790

CVE-2025-8790 affects Portabilis i-Educar up to 2.9.0. The vulnerability is in the API Endpoint component, specifically the file /module/Api/pessoa, where manipulating the ID argument leads to improper authorization. The issue is exploitable remotely, with exploits disclosed publicly. Multiple so...

CVSS 5.3 · AI score 7.2 · EPSS 0.00274
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/08/10 12:00 a.m. · 11 views

PT-2025-32463 · Unknown · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9.0. Description: A critical issue exists in Portabilis i-Educar related to improper authorization. The vulnerability is located in the API Endpoint component, specifically within the /module/Api/pessoa fil...

CVSS 5.3 · AI score 7 · EPSS 0.00274
Exploits: 0 · References: 10

OSV
added 2025/08/04 11:15 a.m. · 6 views

CVE-2025-8515

A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high complexity level is...

CVSS 3.7 · AI score 5.2 · EPSS 0.00252
Exploits: 0 · References: 4

Hacker One
added 2025/07/02 3:21 a.m. · 7 views

U.S. Dept Of Defense: SQL Injection in URI Path Leading to Full Database Disclosure on ████████

A time-based blind SQL injection vulnerability was discovered in the URI path of the /home/server-ocsp/ endpoint on a U.S. Government Public Key Infrastructure website. The vulnerability allowed an unauthenticated attacker to interact with the backend MySQL database and extract sensitive...

AI score 7.8
Exploits: 0

Packet Storm
added 2025/05/26 12:00 a.m. · 97 views

Java-springboot-codebase 1.1 Arbitrary File Read

Java-springboot-codebase version 1.1 suffers from an arbitrary file read vulnerability. Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read. Google Dork: (none). Date: 23/May/2025. Exploit Author: d3sca. Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase. Software Link:...

CVSS 8.7 · AI score 7.1 · EPSS 0.03847
Exploits: 13

RedhatCVE
added 2025/04/17 3:38 p.m. · 10 views

CVE-2025-32943

The vulnerability allows any authenticated user to leak the contents of arbitrary ".m3u8" files from the PeerTube server due to a path traversal in the HLS endpoint...

CVSS 3.7 · AI score 6.7 · EPSS 0.00417
Exploits: 1 · References: 1

Positive Technologies
added 2025/03/03 12:00 a.m. · 4 views

PT-2025-9587

Name of the Vulnerable Software and Affected Versions: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118. Description: The issue is related to an Insecure Direct Object Reference (IDOR) in the component "/getStudemtAllDetailsById?studentId=XX". This allows...

AI score 6.4
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/07 12:00 a.m. · 4 views

PT-2025-6004 · Qingscan · Qingscan

Name of the Vulnerable Software and Affected Versions: QingScan versions <=1.8.0. Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in "/webscan/sqlmap/index.html" due to improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript...

CVSS 5.4 · AI score 5.6 · EPSS 0.00205
Exploits: 0 · References: 7

Positive Technologies
added 2025/02/03 12:00 a.m. · 4 views

PT-2025-3407 · Unknown · Phpgurukul Online Birth Certificate System

Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Online Birth Certificate System version 1.0. Description: A Stored Cross-Site Scripting (XSS) issue was identified in the PHPGURUKUL Online Birth Certificate System. The issue arises via the profile name to the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00258
Exploits: 2 · References: 4

OSV
added 2025/01/30 11:15 a.m. · 2 views

CVE-2025-0739

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to view other users' subscription information by changing the "SUSCBRIPTIONID" param of the endpoint "/demos/embedai/subscriptions/show/"...

CVSS 6.5 · AI score 5.7 · EPSS 0.00322
Exploits: 0 · References: 1