Lucene search
K

1889 matches found

OSV
OSV
added 2025/10/30 3:15 p.m.5 views

CVE-2025-5343

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

5.4CVSS5.8AI score0.00414EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/30 2:28 p.m.10 views

CVE-2025-5343 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

6.3CVSS0.00414EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 2:28 p.m.8 views

CVE-2025-5343 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

6.3CVSS5.8AI score0.00414EPSS
Exploits0References1
CVE
CVE
added 2025/10/30 2:28 p.m.15 views

CVE-2025-5343

CVE-2025-5343 concerns ManageEngine Exchange Reporter Plus, affected up to version 5721. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the Instant Search feature, allowing an attacker to inject scripts that are stored on the server and executed when other users access the affec...

6.3CVSS5.8AI score0.00414EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/30 2:28 p.m.8 views

EUVD-2025-37003

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

6.3CVSS5.7AI score0.00414EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

ZOHO ManageEngine Exchange Reporter Plus 安全漏洞

ZOHO ManageEngine Exchange Reporter Plus is a Web-based Exchange Server reporting software from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Exchange Reporter Plus 5721 and prior versions, which stems from stored cross-site scripting in the Instant Search option...

6.3CVSS6AI score0.00414EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44413

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions through 5721 Description The software is susceptible to a Stored Cross Site Scripting issue within the Instant Search functionality. The issue allows for the injection of malicious scripts that are...

6.3CVSS6.2AI score0.00414EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/23 3:30 p.m.7 views

EUVD-2025-35683

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...

6.5CVSS7.1AI score0.00372EPSS
Exploits0References4
NVD
NVD
added 2025/10/23 2:15 p.m.11 views

CVE-2025-60852

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...

6.5CVSS0.00372EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.3 views

Instant Developer Foundation 安全漏洞

Instant Developer Foundation is a low-code application development platform from the Italian company Instant Developer. A security vulnerability exists in Instant Developer Foundation versions prior to 25.0.9600 that stems from not properly cleaning up user-controlled inputs and could lead to cod...

6.5CVSS7.2AI score0.00372EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/23 12:0 a.m.4 views

CVE-2025-60852

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...

7.3AI score0.00372EPSS
Exploits0References3
CVE
CVE
added 2025/10/23 12:0 a.m.16 views

CVE-2025-60852

CVE-2025-60852 is a CSV Injection vulnerability in Instant Developer Foundation before 25.0.9600. The root cause is insufficient sanitization of user-controlled input when generating CSV exports, allowing untrusted content to be included in the exported file. This can lead to code execution on th...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/23 12:0 a.m.10 views

CVE-2025-60852

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...

0.00372EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/15 4:43 p.m.5 views

CVE-2025-37148

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/14 6:30 p.m.4 views

EUVD-2025-34252

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore...

6.5CVSS6.4AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 5:15 p.m.3 views

CVE-2025-37148

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore...

6.5CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/10/14 4:43 p.m.10 views

CVE-2025-37148

CVE-2025-37148 affects HPE ArubaOS (AOS-8 Instant and AOS 10). Root cause: improper parsing of Ethernet frames in ArubaOS leading to unauthenticated denial of service. Impact: remote attacker can disrupt network services; remediation/fix version not specified in provided documents; no exploitatio...

6.5CVSS6.5AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/14 4:43 p.m.11 views

CVE-2025-37148 Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore...

6.5CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 4:43 p.m.1 views

CVE-2025-37148 Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore...

6.5CVSS6.5AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-0564

Malware in sbrugna...

3.5CVSS6.4AI score0.00772EPSS
Exploits0References3
Rows per page
Query Builder