Lucene search
+L

370 matches found

Vulnrichment
Vulnrichment
added 2025/09/25 10:32 a.m.2 views

CVE-2025-10940 Total.js CMS Layout admin layouts_save cross site scripting

A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layoutssave of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit h...

4.8CVSS5.3AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2025/09/16 2:15 p.m.13 views

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

9.8CVSS0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/16 2:0 p.m.17 views

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

4.3CVSS0.00314EPSS
Exploits0References2
CVE
CVE
added 2025/09/16 2:0 p.m.30 views

CVE-2025-8276

CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...

9.8CVSS5.4AI score0.00314EPSS
Exploits0References2
OSV
OSV
added 2025/09/09 2:15 a.m.5 views

CVE-2025-10117

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetchtasks.php of the component Add New Task. Executing manipulation with the input alert'XSS' can lead to cross site scripting. The attack can be executed remotely. The...

5.4CVSS4.2AI score0.00289EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/05 12:34 a.m.10 views

CVE-2025-9845

A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument productcode/genname/productname/supplier leads to cross site scripting. It is possible to launch...

5.4CVSS3.7AI score0.00256EPSS
Exploits1References1
CVE
CVE
added 2025/09/04 12:2 a.m.25 views

CVE-2025-9940

CodeAstro Real Estate Management System 1.0 contains a cross-site scripting (XSS) vulnerability in the /feature.php file, caused by manipulation of the msg parameter. The issue can be triggered remotely and exploits are publicly available. Multiple sources (NVD, CVE listing, Red Hat, CNVD, PT Sec...

5.4CVSS3.8AI score0.00256EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/03 7:14 a.m.6 views

CVE-2025-9767

A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /Admin/sporttype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and m...

9.8CVSS7.7AI score0.00483EPSS
Exploits1References1
CVE
CVE
added 2025/09/03 12:32 a.m.22 views

CVE-2025-9845

The CVE-2025-9845 entry applies to Code-Projects Fruit Shop Management System 1.0. What’s vulnerable: the products.php file’s handling of the arguments product_code, gen_name, product_name, and supplier. Root cause: input parameter manipulation leads to cross-site scripting (XSS). Impact: remote ...

5.4CVSS5.4AI score0.00256EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.8 views

PT-2025-35702

Name of the Vulnerable Software and Affected Versions: Akinsoft MyRezzta versions s2.02.02 through v2.05.01 Description: An improper enforcement of behavioral workflow and uncontrolled resource consumption issue exists in Akinsoft MyRezzta, allowing for input data manipulation. This issue is...

6.3CVSS6.4AI score0.00183EPSS
Exploits0References5
NVD
NVD
added 2025/08/31 5:15 a.m.8 views

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

5.4CVSS0.00279EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-31163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via putpatternarc function. CVE-2025-31163 Note...

6.6CVSS7.2AI score0.00178EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.9 views

PT-2025-34722 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability was detected in mtons mblog up to version 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in...

4.8CVSS3.4AI score0.00249EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-46400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

5.5CVSS5.2AI score0.00211EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/20 9:59 p.m.8 views

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

9.1CVSS7.2AI score0.00651EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/08/20 9:59 p.m.17 views

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

9.1CVSS0.00651EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/08/13 8:2 p.m.16 views

CVE-2025-8927 mtons mblog Verification Code send_code excessive authentication

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

6.3CVSS0.00621EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/07/01 4:36 p.m.5 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

7.4CVSS7.1AI score0.00568EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/01 4:31 p.m.4 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

7.4CVSS7.1AI score0.00568EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/01 2:56 p.m.8 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

7.4CVSS7.1AI score0.00568EPSS
Exploits0References5
Rows per page
Query Builder