1694 matches found

RedhatCVE
added 2026/01/23 12:26 a.m., 6 views

CVE-2025-69828

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...

CVSS: 10 | AI score: 6.1 | EPSS: 0.00486
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/23 12:0 a.m., 8 views

PT-2026-4457

Name of the Vulnerable Software and Affected Versions LogicHunt Logo Slider versions through 4.9.0 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious...

CVSS: 5.9 | AI score: 5.3 | EPSS: 0.00142
Exploits: 0 | References: 4

CNNVD
added 2026/01/23 12:0 a.m., 4 views

WordPress plugin Logo Slider has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00142
Exploits: 0 | References: 1

NVD
added 2026/01/22 5:16 p.m., 7 views

CVE-2025-69828

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...

CVSS: 10 | EPSS: 0.00486
Exploits: 0 | References: 2

Cvelist
added 2026/01/22 12:0 a.m., 17 views

CVE-2025-69828

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...

EPSS: 0.00486
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/22 12:0 a.m., 2 views

CVE-2025-69828

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...

AI score: 6.1 | EPSS: 0.00486
Exploits: 0 | References: 2

CNNVD
added 2026/01/22 12:0 a.m., 5 views

TMS Management Console security vulnerabilities

TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Logo upload function in the /Customer/AddEdit section, which has a file upload...

CVSS: 10 | AI score: 6.1 | EPSS: 0.00486
Exploits: 0 | References: 3

CVE
added 2026/01/22 12:0 a.m., 16 views

CVE-2025-69828

CVE-2025-69828 affects TMS Global Software TMS Management Console v6.3.7.27386.20250818. A file upload vulnerability in the Logo upload endpoint at /Customer/AddEdit allows remote code execution. Technical details indicate high-impact, network-exposed access with no privileges required and no use...

CVSS: 10 | AI score: 6.1 | EPSS: 0.00486
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:0 a.m., 10 views

PT-2026-3956

Name of the Vulnerable Software and Affected Versions TMS Global Software TMS Management Console version 6.3.7.27386.20250818 Description A file upload issue exists in TMS Global Software TMS Management Console version 6.3.7.27386.20250818. A remote attacker can potentially execute arbitrary code...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00486
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/22 12:0 a.m., 8 views

PT-2026-4142

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS. This issue affects Super Logos Showcase: from n/a through <= 2.8...

AI score: 5.4 | EPSS: 0.0018
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/22 12:0 a.m., 2 views

CVE-2025-69828

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...

CVSS: 10 | AI score: 6 | EPSS: 0.00486
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/21 9:25 a.m., 5 views

CVE-2025-41084

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1 | AI score: 5.5 | EPSS: 0.00331
Exploits: 0 | References: 1

Oracle linux
added 2026/01/21 12:0 a.m., 7 views

pcs security update

0.10.18-2.0.1.el810.8 - Replaced HAM-logo 0.10.18 - Debrand PCS 0.10.18-2.el810.8 - Fixed CVE-2025-67725, CVE-2025-67726 by patching bundled Tornado Resolves: RHEL-136415, RHEL-136420...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00396
Exploits: 0

ATTACKERKB
added 2026/01/20 9:14 a.m., 1 view

CVE-2025-41084

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.00331
Exploits: 0 | References: 2

CVE
added 2026/01/20 9:14 a.m., 10 views

CVE-2025-41084

CVE-2025-41084 describes a Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application. The issue arises because uploaded SVG images are not properly sanitized, allowing attackers to embed malicious scripts in SVG files by issuing a POST to the logo endpoint (/api/v3/companies//...

CVSS: 5.1 | AI score: 5.5 | EPSS: 0.00331
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/20 9:14 a.m., 3 views

CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1 | AI score: 5.5 | EPSS: 0.00331
Exploits: 0 | References: 1

Cvelist
added 2026/01/20 9:14 a.m., 17 views

CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1 | EPSS: 0.00331
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/20 12:0 a.m., 9 views

PT-2026-3547

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1 | AI score: 5.5 | EPSS: 0.00331
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/10 5:41 a.m., 14 views

CVE-2025-67282

In TIM BPM Suite/TIM FLOW through 9.1.2, multiple Authorization Bypass vulnerabilities exist which allow a low privileged user to download password hashes of other users, access work items of other users, modify restricted content in workflows, modify the application's logo and manipulate the profi...

CVSS: 5.4 | AI score: 7 | EPSS: 0.00195
Exploits: 0 | References: 1

Patchstack
added 2026/01/10 5:40 a.m., 7 views

WordPress Logo Slider plugin <= 4.9.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Jitlada in WordPress Plugin Logo Slider versions <= 4.9.0...

CVSS: 5.9 | AI score: 5.3 | EPSS: 0.00142
Exploits: 0 | Affected Software: 1