Lucene search
K

99 matches found

Packet Storm
Packet Storm
added 2025/08/26 12:0 a.m.162 views

📄 GeoVision ASManager Windows Application 6.1.2.0 Remote Code Execution

GeoVision ASManager Windows Application version 6.1.2.0 suffers from a remote code execution vulnerability. Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...

8.8CVSS8.2AI score0.19519EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/08/26 12:0 a.m.336 views

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)

Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...

8.8CVSS9.5AI score0.19519EPSS
Exploits3
OSV
OSV
added 2025/05/29 3:18 p.m.19 views

CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...

6.9CVSS7AI score0.00351EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.10 views

CVE-2024-23713

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.1AI score0.00083EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.4 views

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS6.7AI score0.00513EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.9 views

PT-2025-23174 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.179 Description: The issue concerns the lack of a check to ensure users can only disable notifications for mailboxes they already have access to. The code allows users to gain access to a mailbox by disabling o...

8.1CVSS6.7AI score0.00351EPSS
Exploits1References7
Snyk
Snyk
added 2025/04/11 2:42 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML content of email notification settings. An attacker can inject malicious scripts by crafting malicious inputs that are rendered in the preview mode. Note: This is only exploitable if the attacker ha...

5.4CVSS5.3AI score0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/01 12:26 a.m.9 views

CVE-2025-26264

GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...

8.8CVSS9.1AI score0.19519EPSS
Exploits3References1
NVD
NVD
added 2025/02/27 10:15 p.m.14 views

CVE-2025-26264

GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...

8.8CVSS0.19519EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/02/27 12:0 a.m.5 views

CVE-2025-26264

GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...

9.1AI score0.19519EPSS
Exploits3References2
CVE
CVE
added 2025/02/27 12:0 a.m.92 views

CVE-2025-26264

Geovision GV-ASWeb (ASManager) versions 6.1.2.0 or earlier are affected by a Remote Code Execution (RCE) vulnerability in the Notification Settings feature. An authenticated attacker with System Settings privileges can exploit this flaw to run arbitrary commands on the server, potentially leading...

8.8CVSS9.1AI score0.19519EPSS
Exploits3References2
GithubExploit
GithubExploit
added 2025/02/26 6:11 p.m.119 views

Exploit for CVE-2025-26264

CVE-2025-26264 CVE-2025-26264 - GeoVision GV-ASWeb with the ve...

8.8CVSS8.5AI score0.19519EPSS
Exploits3
OSV
OSV
added 2025/02/04 8:15 a.m.3 views

CVE-2025-20893

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications...

5.1CVSS5.8AI score0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/04 7:19 a.m.9 views

CVE-2025-20893

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications...

5.1CVSS5.2AI score0.00138EPSS
Exploits0References1
NVD
NVD
added 2024/11/05 6:15 a.m.25 views

CVE-2024-7877

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...

4.8CVSS0.00358EPSS
Exploits1References1
OSV
OSV
added 2024/11/05 6:15 a.m.3 views

CVE-2024-7877

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...

4.8CVSS5.8AI score0.00358EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/05 6:0 a.m.12 views

CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...

4.8AI score0.00358EPSS
Exploits1References1
CVE
CVE
added 2024/11/05 6:0 a.m.52 views

CVE-2024-7877

CVE-2024-7877 concerns the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (versions prior to 1.6.7.55). The issue arises from inadequate sanitization/escaping of certain Notification settings, enabling stored Cross-Site Scripting (XSS) by authenticated users with adm...

4.8CVSS5.1AI score0.00358EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/11/05 6:0 a.m.32 views

CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...

0.00358EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/03 12:0 a.m.10 views

PT-2024-38653 · WordPress · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Name of the Vulnerable Software and Affected Versions: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin versions prior to 1.6.7.55 Description: The issue is related to the lack of sanitization and escaping of some Notification settings in the plugin,...

4.8CVSS6.4AI score0.00358EPSS
Exploits1References7
Rows per page
Query Builder