Lucene search
K

64 matches found

CVE
CVE
added 2025/10/13 9:16 p.m.13 views

CVE-2025-62358

WeGIA is a Web Manager for institutions. CVE-2025-62358 describes a Reflected XSS in the log parameter of configuracao_geral.php, prior to version 3.5.1, allowing an attacker to inject arbitrary JavaScript that runs in the victim’s browser. The issue is mitigated by upgrading to version 3.5.1 or ...

6.1CVSS5.9AI score0.00234EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/10/13 9:16 p.m.6 views

CVE-2025-62358 WeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via log parameter

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracaogeral.php is vulnerable to Reflected Cross-Site Scripting XSS. An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...

5.4CVSS6.3AI score0.00234EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41819

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.1 Description WeGIA is a web management application designed for institutions, particularly those using the Portuguese language. A Reflected Cross-Site Scripting XSS issue exists in the log parameter of the...

5.4CVSS6.2AI score0.00234EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.6 views

WeGIA 跨站脚本漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA versions prior to 3.5.1, which stems from an unvalidated log parameter in configuracaogeral.php and could lead to a reflective cross-site scripting...

6.1CVSS6AI score0.00234EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-29776

Malware in sbrugna...

9CVSS8.6AI score0.0187EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26728

Malicious code in bioql PyPI...

7.2CVSS6.4AI score0.00568EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 8:15 p.m.6 views

CVE-2025-34185

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'dblog' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials...

8.7CVSS0.00793EPSS
Exploits1References4
CVE
CVE
added 2025/09/16 7:44 p.m.29 views

CVE-2025-34185

Ilevia EVE X1 Server prior to 4.7.18.0.eden is affected by CVE-2025-34185, a pre-authentication file disclosure via the db_log POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials. This is an unauthenticated disclosur...

8.7CVSS6.3AI score0.00793EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.8 views

PT-2025-38075

Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden contain a pre-authentication file disclosure issue via the db log POST parameter. Remote attackers can retrieve arbitrary...

8.7CVSS6.3AI score0.00793EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/09/04 4:23 a.m.2 views

CVE-2025-9517 atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...

7.2CVSS6.9AI score0.00568EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.4 views

PT-2025-35866

Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23 Description: The atec Debug plugin for WordPress is susceptible to an arbitrary file read issue. This allows authenticated attackers with Administrator-level access or higher to view th...

4.9CVSS6AI score0.00403EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.12 views

PT-2025-35867

Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23 Description: The atec Debug plugin for WordPress is susceptible to remote code execution through the custom log parameter due to insufficient sanitization when saving the custom log pat...

7.2CVSS7.4AI score0.00568EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2016-10201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in...

6.1CVSS6.9AI score0.00814EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/07/31 12:0 a.m.130 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden File Disclosure

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated file disclosure vulnerability. Using the dblog POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. Ilevia EVE X1 Server 4.7.18.0.eden dblog...

7.3AI score
Exploits0
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.6 views

Astra Linux – Vulnerability in ansible-core

A flaw was discovered in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plain text during the execution of a playbook. This occurs when tasks such as includevars are used to load vaulted variables without setting the nolog: true parameter. As a result,...

5.5CVSS6.8AI score0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.7 views

CVE-2022-41762

An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl...

6.1CVSS6.1AI score0.0037EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/16 12:0 a.m.4 views

NUUO Camera 注入漏洞

NUUO Camera is a series of webcams from NUUO. An injection vulnerability exists in NUUO Camera 20250203 and earlier versions, which originates in the printfile function of /handleconfig.php with a command injection in the parameter log...

7.5CVSS7.7AI score0.51881EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.1 views

Vim 安全漏洞

Vim is a cross-platform text editor from the Vim open source. A security vulnerability exists in Vim 9.1.1096 and earlier versions, which stems from a memory corruption triggered by the log parameter...

7.8CVSS4AI score0.00492EPSS
Exploits1References7
OSV
OSV
added 2024/09/14 3:15 a.m.4 views

AZL-53163 CVE-2024-8775 affecting package ansible for versions less than 2.17.11-1

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...

5.5CVSS6.8AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.5 views

PT-2024-39241

Name of the Vulnerable Software and Affected Versions: Ansible affected versions not specified Description: A flaw was found in Ansible where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as...

7.1CVSS7.2AI score0.00269EPSS
Exploits0References69
Rows per page
Query Builder