Lucene search
K

73 matches found

CNNVD
CNNVD
added 2025/09/24 12:0 a.m.5 views

Horilla 跨站脚本漏洞

Horilla is a free and open source human resources software from Horilla, Inc. A cross-site scripting vulnerability exists in Horilla version 1.3.0, which stems from multiple fields in the Project and Task modules not being properly cleared for user input, and could lead to a stored cross-site...

4.8CVSS5.9AI score0.00223EPSS
Exploits1References2
NVD
NVD
added 2025/09/18 2:15 p.m.7 views

CVE-2023-53387

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management cmd NOP OUT to the device for link recovery. If this cmd times out and clearing the doorbell fails,...

5.5CVSS0.00134EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-5351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into...

6.5CVSS6.8AI score0.00494EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 2:15 p.m.4 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References2
NVD
NVD
added 2025/08/25 2:15 p.m.5 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

7.5CVSS0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.6 views

Mahara 安全漏洞

Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 22.10.4 and 23.x versions prior to 23.04.4 that stems from the HTML bulk export feature not clearing the cache, which could lead to information disclosu...

7.5CVSS6.2AI score0.0038EPSS
Exploits0References3
CVE
CVE
added 2025/08/25 12:0 a.m.27 views

CVE-2023-47799

Mahara is affected by an information-disclosure vulnerability in the HTML bulk export feature, where exported files may leak images from other accounts because the per-account cache is not cleared. Affected: Mahara < 22.10.4 and Mahara 23.x

7.5CVSS6.7AI score0.0038EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.14 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

6.7AI score0.0038EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.7 views

PT-2025-34608 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.4 Mahara versions 23.x prior to 23.04.4 Description: Mahara is susceptible to information disclosure when the experimental HTML bulk export feature is utilized through the administration interface or command-lin...

7.5CVSS6AI score0.0038EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.9 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

0.0038EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev-devlink when the link is deleted There is a potential crash issue whe...

5.5CVSS6.1AI score0.00145EPSS
Exploits0References3
CheckPoint Security
CheckPoint Security
added 2025/06/08 12:0 a.m.14 views

CVE-2024-24915 - Potential vulnerability in SmartConsole where an administrator's credentials may be exposed to users with debugging privileges on the administrator's computer

Symptoms - Credentials are not cleared from memory after being used. A user with Administrator permissions can execute a memory dump for the SmartConsole process and fetch them. - This issue received the ID CVE-2024-24915. Solution This problem was fixed. The fix is included starting from: R82...

7.2CVSS7AI score0.00175EPSS
Exploits0
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

GNU GRUB 访问控制错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. An Access Control Error vulnerability exists in GNU GRUB, which stems from GRUB not clearing the key in memory during automatic TPM decryption, and can be exploited by an attacker to obtain unencrypted data...

5.9CVSS6.8AI score0.00322EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to clear flags when userdlmdestroylock fails, which could lead to reuse after release...

5.5CVSS5.5AI score0.00191EPSS
Exploits0References10
Snyk
Snyk
added 2025/01/06 4:31 p.m.1 views

Improper Authentication

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Improper Authentication due to improper clearing of cookies through the handlehttp function of the air.py component. An attacker can gain unauthorized access to th...

7.5CVSS7AI score0.00374EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the wdev-cqmconfig pointer not being cleared after release...

7.8CVSS7AI score0.00243EPSS
Exploits0References4
OSV
OSV
added 2024/09/13 6:15 a.m.7 views

AZL-49191 CVE-2024-46673 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aacprobeone calls hardware-specific init functions through the aacdriverident::init pointer, all of which eventually call down to aacinitadapter. If aacinitadapter fails after...

7.8CVSS6.3AI score0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.3 views

WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...

5.4CVSS6.7AI score0.00319EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

Contao 代码问题漏洞

Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao versions prior to 4.13.40, which stems from a token not being cleared after a password change on the front...

7.1CVSS6.9AI score0.00495EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/18 12:0 a.m.10 views

PT-2023-28197 · Gallagher · Gallagher Controller 6000

Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 versions 8.60 or earlier Gallagher Controller 6000 versions 8.70 prior to vCR8.70.231204a Description: Sensitive information is not properly cleared after a debug or power state transition in the Controller 6000. Thi...

4.6CVSS4.5AI score0.00311EPSS
Exploits0References6
Rows per page
Query Builder