Lucene search
K

1071 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/06 12:18 p.m.4 views

CVE-2018-25168

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

5.3CVSS5.7AI score0.00217EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 12:18 p.m.44 views

CVE-2018-25168 Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

5.3CVSS0.00217EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.11 views

Precurio Intranet Portal 代码问题漏洞

Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 2.0 of Precurio Intranet Portal has a code vulnerability. This vulnerability stems from the /public/admin/user/submitnew endpoint, where cross-site request forgery exists, potential...

5.3CVSS5.8AI score0.00217EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2026/02/27 12:5 p.m.9 views

Why Tehran’s Two-Tiered Internet Is So Dangerous

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January's government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/16 12:0 a.m.145 views

📄 Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload

Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit. ============================================================================================================================================= | Title : Precurio Intranet Portal 4.4...

5AI score
Exploits0
NVD
NVD
added 2026/02/06 8:16 p.m.8 views

CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

5.4CVSS0.00217EPSS
Exploits1References4
OSV
OSV
added 2026/02/06 7:32 p.m.4 views

CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

5.1CVSS4.2AI score0.00217EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/06 7:32 p.m.35 views

CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

5.1CVSS0.00217EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

i-Educar 代码注入漏洞

i-Educar is a free educational software developed by Portábilis. Versions of i-Educar 2.10 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the File parameter in the user data page file/intranet/meusdadod.php, which could lead to cross-site...

5.4CVSS5.7AI score0.00217EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.4 views

CVE-2025-37186

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

7.8CVSS7.5AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 9:15 p.m.8 views

CVE-2025-37186

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

7.8CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 8:16 p.m.23 views

CVE-2025-37186 Local Privilege Escalation Vulnerability in HPE Aruba Networking Virtual Intranet Access (VIA) Client for Linux

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

7.8CVSS0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

HPE Aruba Networking Virtual Intranet Access 安全漏洞

HPE Aruba Networking Virtual Intranet Access is a client agent software from HPE America. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary code with root...

7.8CVSS6.2AI score0.00156EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.8 views

PT-2026-2464

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

7.8CVSS7.6AI score0.00156EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.12 views

CVE-2018-18319

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command=remote='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for us...

9.8CVSS8.3AI score0.05434EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.39 views

SUSE CVE-2025-62155

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

8.5CVSS6.9AI score0.00259EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/30 12:0 a.m.6 views

WordPress Prime Slider - Addons For Elementor plugin server-side request forgery vulnerability

WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...

9.1CVSS6.9AI score0.00154EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/30 12:0 a.m.5 views

WordPress 6Storage Rentals plugin server-side request forgery vulnerability

WordPress 6Storage Rentals plugin is a plugin designed for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...

9.1CVSS7.2AI score0.00163EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.4 views

Mozilla Firefox < 3.6.9

The version of Firefox installed on the remote Windows host is prior to 3.6.9. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-63 advisory. - Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0...

4.3CVSS8.3AI score0.02001EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.3 views

Mozilla Firefox < 3.6.9

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.6.9. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-63 advisory. - Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey...

4.3CVSS8.3AI score0.02001EPSS
Exploits0References3
Rows per page
Query Builder