1694 matches found

OSV
added 2026/01/09 4:16 p.m. | 7 views

CVE-2025-67282

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...

CVSS 5.4 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 2

NVD
added 2026/01/09 4:16 p.m. | 7 views

CVE-2025-67282

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...

CVSS 5.4 | EPSS 0.00195
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:32 p.m. | 6 views

CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

CVSS 5.4 | AI score 5.9 | EPSS 0.02586
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 12:30 p.m. | 5 views

CVE-2023-40932

A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...

CVSS 5.4 | AI score 6 | EPSS 0.01984
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:48 a.m. | 6 views

CVE-2022-31854

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel...

CVSS 7.2 | AI score 7.5 | EPSS 0.24939
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 9:59 a.m. | 11 views

CVE-2020-7589

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated...

CVSS 9.1 | AI score 6.9 | EPSS 0.0199
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:58 a.m. | 10 views

CVE-2020-7593

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants V1.81.01 - V1.81.03, LOGO! 8 BM incl. SIPLUS variants V1.82.01, LOGO! 8 BM incl. SIPLUS variants V1.82.02. A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacke...

CVSS 9.8 | AI score 7.9 | EPSS 0.09071
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:55 a.m. | 5 views

CVE-2020-12131

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...

CVSS 6.1 | AI score 6 | EPSS 0.007
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 9:4 a.m. | 7 views

CVE-2024-39922

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions, LOGO! 24CE 6ED1052-1CC08-0BA1 All versions, LOGO! 24CEo...

CVSS 5.1 | AI score 4.5 | EPSS 0.00213
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:45 a.m. | 4 views

CVE-2025-40817

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.1 | AI score 7 | EPSS 0.00228
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:45 a.m. | 3 views

CVE-2025-40816

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.6 | AI score 7 | EPSS 0.00182
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/09 12:0 a.m. | 2 views

CVE-2025-67282

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...

AI score 6.6 | EPSS 0.00195
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/09 12:0 a.m. | 5 views

PT-2026-1878

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/TIM FLOW versions through 9.1.2 Description The software contains multiple authorization bypass issues. A user with low privileges can download password hashes belonging to other users, access work items owned by other users,...

CVSS 5.4 | AI score 6.6 | EPSS 0.00195
Exploits: 0 | References: 5

CVE
added 2026/01/09 12:0 a.m. | 11 views

CVE-2025-67282

TIM BPM Suite/TIM FLOW (through version 9.1.2) contains multiple Authorization Bypass vulnerabilities that permit a low-privilege user to: download other users’ password hashes, access other users’ work items, modify restricted workflow content, alter the application logo, and manipulate other us...

CVSS 5.4 | AI score 6.6 | EPSS 0.00195
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/09 12:0 a.m. | 24 views

CVE-2025-67282

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...

EPSS 0.00195
Exploits: 0 | References: 2

NVD
added 2026/01/07 12:17 p.m. | 7 views

CVE-2026-0649

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

CVSS 5.8 | EPSS 0.00223
Exploits: 0 | References: 4

Cvelist
added 2026/01/07 12:32 a.m. | 26 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

CVSS 5.8 | EPSS 0.00223
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/07 12:32 a.m. | 3 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

CVSS 5.8 | AI score 6.4 | EPSS 0.00223
Exploits: 0 | References: 4

CVE
added 2026/01/07 12:32 a.m. | 20 views

CVE-2026-0649

Invoice Ninja up to 5.12.38 is affected by a server-side request forgery in the Migration Import component. The vulnerability is in the copy function of /app/Jobs/Util/Import.php where manipulation of the company_logo argument can be exploited remotely. Public disclosures exist; exploitation deta...

CVSS 5.8 | AI score 4.8 | EPSS 0.00223
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/03 7:7 a.m. | 10 views

CVE-2025-13153

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.1 | AI score 5.4 | EPSS 0.00192
Exploits: 0 | References: 1