Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-40946

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

8.4CVSS6.2AI score0.00151EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 8:16 p.m.4 views

CVE-2026-35476

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...

7.2CVSS0.00145EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 7:32 p.m.4 views

CVE-2026-39362 InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREEDOWNLOADFROMURL is enabled opt-in, authenticated users can supply remoteimage URLs that are fetched server-side via requests.get with only Django's URLValidator check. There is no validation against...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 12:0 a.m.3 views

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator advancedpopupcreator module for PrestaShop 1.1.26 through 1.2.6 Fixed in version 1.2.7 allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

6.4AI score0.00358EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32090

Malicious code in bioql PyPI...

8.1CVSS8.2AI score0.00494EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/08/27 7:6 p.m.6 views

WordPress Chatbox Manager Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin Chatbox Manager versions = 1.2.6...

6.5CVSS6AI score0.00154EPSS
Exploits0Affected Software1
Rows per page
Query Builder