Lucene search
K

29 matches found

NVD
NVD
added 5 days ago4 views

CVE-2026-27404

Unauthenticated Cross Site Scripting XSS in LMS = 9.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-54973

Name of the Vulnerable Software and Affected Versions LMS versions prior to 9.8 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the victim's browser without requiring authentication. Recommendations Update to a version new...

7.1CVSS6AI score0.0018EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/30 1:28 p.m.4 views

WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme LMS versions = 9.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/25 6:1 p.m.6 views

EUVD-2026-39515

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 6:0 a.m.12 views

EUVD-2026-35985

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS5.6AI score0.00282EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/11 12:26 a.m.5 views

Improper Encoding or Escaping of Output

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...

6.9CVSS6AI score0.00185EPSS
Exploits0References3
OSV
OSV
added 2026/02/24 3:16 a.m.4 views

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

7.2CVSS6AI score0.00902EPSS
Exploits1References1
Apple
Apple
added 2026/01/26 12:0 a.m.30 views

Apple Security Update: iOS 16.7.13 and iPadOS 16.7.13

Apple recommends to install security update iOS 16.7.13 and iPadOS 16.7.13 on devices iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation...

5.9AI score
Exploits0References1Affected Software2
OSV
OSV
added 2025/09/04 5:15 p.m.3 views

CVE-2025-9636

pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...

7.9CVSS7AI score
Exploits0References1
OSV
OSV
added 2025/07/09 12:0 a.m.4 views

OPENSUSE-SU-2025:15327-1 coreutils-9.7-3.1 on GA media

These are all security issues fixed in the coreutils-9.7-3.1 package on the GA media of openSUSE Tumbleweed...

4.4CVSS5.8AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:8 a.m.15 views

CVE-2022-25786

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7...

4.9CVSS6.6AI score0.00688EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 3:15 p.m.3 views

CVE-2024-50419

Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7...

9.8CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.5 views

Shilpi Client Dashboard 安全漏洞

Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0, which stems from a lack of limitations on incorrect login attempts for API logins, which could lead to unauthorized access to other user accounts...

9.8CVSS6.6AI score0.00488EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.5 views

PT-2024-29293 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...

7.1CVSS7AI score0.00362EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/10/13 12:0 a.m.3 views

GRANDING UTime Master Security Vulnerability

GRANDING UTime Master is a powerful web-based time and attendance management software from GRANDING. A security vulnerability exists in GRANDING UTime Master v9.0.7-Build: Apr 4,2023 that stems from a vulnerability that allows an authenticated attacker to access sensitive information via a crafte...

6.5CVSS6.3AI score0.00483EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.2 views

Omron CX-Programmer 资源管理错误漏洞

Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in Omron CX-Programmer version v.9.77 and prior versions, which stems from a memory reuse after release issue...

7.8CVSS7.3AI score0.00249EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/05/04 2:15 p.m.2 views

CVE-2022-25782

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7...

5.5CVSS6.1AI score0.00466EPSS
Exploits0References2
OSV
OSV
added 2022/05/04 2:15 p.m.9 views

CVE-2022-25779

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7...

4.3CVSS5.8AI score0.00517EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.6 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from the exposure of information in Secomea GateManager's Web UI, and could be exploited by an attacker to allow logged-in...

4.3CVSS5.3AI score0.00584EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.5 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea.A security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from an unprotected alternate channel vulnerability in the debug console. An attacker could use this vulnerability to...

4.9CVSS5.5AI score0.00688EPSS
Exploits0References2
Rows per page
Query Builder