Lucene search
K

12 matches found

Patchstack
Patchstack
added 2026/05/12 10:23 p.m.9 views

NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...

5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.18 views

PT-2026-36674

Name of the Vulnerable Software and Affected Versions Edimax BR-6428nC versions prior to 1.17 Description A buffer overflow can be triggered remotely via an unknown function within the '/goform/setWAN' endpoint. This occurs through the manipulation of the pptpDfGateway argument. Recommendations A...

9CVSS7.3AI score0.00481EPSS
Exploits0References15
NVD
NVD
added 2026/01/30 11:16 p.m.7 views

CVE-2020-37031

Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memo...

8.6CVSS0.00161EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...

5.5CVSS6.8AI score0.00134EPSS
Exploits0References1
OSV
OSV
added 2026/01/12 5:55 p.m.5 views

CVE-2026-22251 wlc may leak API keys due to an insecure API key configuration

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

5.3CVSS7AI score0.00164EPSS
Exploits0References5
OSV
OSV
added 2025/12/18 8:16 a.m.3 views

CVE-2025-60049

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

8.2CVSS5.8AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 7:22 a.m.5 views

EUVD-2025-204136

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

8.2CVSS6.6AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/11 11:24 p.m.16 views

CVE-2025-59039

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3CVSS6.8AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/28 1:46 p.m.27 views

CVE-2025-40663

Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...

5.1CVSS5.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.8 views

CVE-2023-51531

Cross-Site Request Forgery CSRF vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17...

8.8CVSS6.7AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2023/07/13 3:15 a.m.4 views

CVE-2023-37562

Cross-site request forgery CSRF vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed...

8.8CVSS5.7AI score0.00236EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/04/21 1:15 p.m.4 views

modoboa-automua (=1.0.0) potentially affected by CVE-2023-2227 via modoboa (=1.17.0)

modoboa PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on modoboa and may be impacted: - modoboa-automua =1.0.0 Source cves: CVE-2023-2227 Source advisory: OSV:PYSEC-2023-35...

9.1CVSS7.2AI score0.43756EPSS
Exploits1
Rows per page
Query Builder