Lucene search
K

19 matches found

OSV
OSV
added 2025/12/10 12:16 a.m.5 views

CVE-2025-61823

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

6.2CVSS5.9AI score0.00429EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23215

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-34422

Malicious code in bioql PyPI...

4.9CVSS5.1AI score0.00796EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

EulerOS 2.0 SP12 : polkit (EulerOS-SA-2025-2021)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...

6.7CVSS6.4AI score0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/21 7:29 p.m.4 views

CVE-2025-55106 BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability.

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...

4.8CVSS6.8AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2025/08/01 1:2 p.m.3 views

OESA-2025-1915 polkit security update

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggere...

6.7CVSS7.9AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/30 9:44 p.m.21 views

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

4.6CVSS6.2AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/30 8:53 p.m.14 views

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

6.9CVSS7AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 11:2 a.m.13 views

CVE-2025-3894

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...

4.8CVSS5.9AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:24 a.m.8 views

CVE-2023-25090

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.3 views

PT-2025-22649 · Megabip · Megabip

Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.20 Description: The text editor embedded into MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor. Recommendations: For versio...

8.6CVSS5.6AI score0.00361EPSS
Exploits0References7
NVD
NVD
added 2025/03/03 8:15 p.m.32 views

CVE-2024-51960

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:52 p.m.59 views

CVE-2024-51951

CVE-2024-51951 describes a stored Cross-site Scripting (XSS) vulnerability in Esri ArcGIS Server. Affected versions are 10.9.1 through 11.3; an authenticated attacker with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. The impac...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/03/03 7:38 p.m.57 views

CVE-2024-51947

ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/03 7:38 p.m.8 views

CVE-2024-51944 Stored XSS in Rest Services Directory

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 7:37 p.m.9 views

CVE-2024-10904 Stored XSS in Server Admin API

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.5 views

SUSE CVE-2021-2166

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS6.3AI score0.04643EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2021/11/15 12:0 a.m.7 views

PT-2021-6676 · Oracle +1 · Mysql Cluster +1

Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 7.4.34 and prior MySQL Cluster versions 7.5.24 and prior MySQL Cluster versions 7.6.20 and prior MySQL Cluster versions 8.0.27 and prior Description: The issue is related to a buffer overflow in the memory of the MySQL...

10CVSS7.7AI score0.87816EPSS
Exploits22References425
erpscan
erpscan
added 2016/06/17 12:0 a.m.156 views

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...

4CVSS6.8AI score0.01373EPSS
Exploits0
Rows per page
Query Builder