Lucene search
K

248 matches found

Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.7 views

PT-2025-44305

Name of the Vulnerable Software and Affected Versions ThreatFire System Monitor version 4.7.0.53 Description A flaw exists in the kernel driver of ThreatFire System Monitor that allows for privilege escalation and arbitrary command execution. This is due to insecure access control through an...

7.8CVSS7.1AI score0.0013EPSS
Exploits1References5
CVE
CVE
added 2025/10/27 10:10 a.m.13 views

CVE-2025-59460

Technical details about CVE-2025-59460 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS6.5AI score0.00394EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

WordPress plugin Flights Hotels Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS6.5AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 3:15 p.m.7 views

CVE-2025-49899

Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through = 4.0.15...

5.3CVSS0.00313EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 4:53 p.m.16 views

CVE-2025-62244

CVE-2025-62244 (Liferay Publications IDOR) affects Liferay Portal 7.3.1–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.8, plus 7.4 GA up to update 92 and 7.3 GA up to update 36. An insecure direct object reference via the parameter _com_liferay_change_tracking_web_portlet_Public...

4.8CVSS6.4AI score0.00264EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11264

Malware in sbrugna...

4.3CVSS5AI score0.01077EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-4857

Malware in sbrugna...

7.8CVSS7.7AI score0.00376EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2002-0066

Malware in sbrugna...

7.5CVSS6.4AI score0.01635EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-21447

Malware in sbrugna...

9.8CVSS9.5AI score0.01287EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-9208

Malware in sbrugna...

7.5CVSS7.4AI score0.00621EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53488

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.0122EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-26815

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42712

Malicious code in bioql PyPI...

7.5CVSS8.2AI score0.02438EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-20000

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00252EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 6:26 p.m.43 views

CVE-2025-59562

CVE-2025-59562 concerns the Academy LMS WordPress plugin. The issue is described as an Insecure Direct Object Reference / Missing Authorization (Authorization Bypass Through User-Controlled Key) that affects Academy LMS versions up to 3.3.4. Patch status in the CVE entry shows a fix, with the aff...

5.5CVSS5.9AI score0.00335EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/17 7:56 p.m.11 views

jinjava has Sandbox Bypass via JavaType-Based Deserialization

Summary jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as getClass, and block instantiation of Class objects. However, these protections can be bypassed. By using mapper.getTypeFactory.constructFromCanonical, it is possible to instruct the underlying...

10CVSS8.1AI score0.02315EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/04 12:28 a.m.6 views

CVE-2025-56254

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference IDOR vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...

4.3CVSS6.8AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/02 1:24 p.m.8 views

CVE-2025-0670 IDOR in Akinsoft's ProKuafor

Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08...

4.7CVSS0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.4 views

PT-2025-33203 · Syedamirhussain91 · Db Backup

Name of the Vulnerable Software and Affected Versions: syedamirhussain91 DB Backup versions through 6.0 Description: A missing authorization flaw in syedamirhussain91 DB Backup allows exploitation due to incorrectly configured access control security levels. Recommendations: Update to a version...

6.5CVSS7.2AI score0.00294EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/23 8:38 a.m.6 views

CVE-2025-49154

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an...

8.7CVSS7.5AI score0.00106EPSS
Exploits0References1
Rows per page
Query Builder