Lucene search
K

143 matches found

RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.6 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.7AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.4 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS6.5AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.3 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS6.2AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.4 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS7AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.3 views

CVE-2025-60917

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS6.2AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 6:31 p.m.3 views

EUVD-2025-198895

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS5.8AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.4 views

EUVD-2025-198896

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS6.6AI score0.00387EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.3 views

EUVD-2025-198892

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.7 views

EUVD-2025-198803

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.2AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.5 views

EUVD-2025-198802

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS6AI score0.0016EPSS
Exploits0References3
NVD
NVD
added 2025/11/24 4:15 p.m.5 views

CVE-2025-60917

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS0.00189EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.4 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS0.0016EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.6 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.5 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS0.00387EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.7 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 12:0 a.m.24 views

CVE-2025-60915

CVE-2025-60915 affects Austrian Openatlas: an issue in the size query parameter of /views/file.py allows path traversal with a crafted request in versions before v8.12.0. Impact is access to restricted paths; remediation is upgrading to v8.12.0 or later (no exploitation details provided in the do...

8.1CVSS6.7AI score0.00387EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/24 12:0 a.m.15 views

CVE-2025-56423

CVE-2025-56423 affects OpenAtlas v8.12.0 from the Austrian Academy of Sciences. A login error message handling flaw can disclose sensitive information to remote attackers, exposing confidentiality. Connected sources (Red Hat, EU ENISA, OSV, NVD, CVE listing) corroborate the issue description but ...

5.3CVSS6.3AI score0.00278EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/24 12:0 a.m.15 views

CVE-2025-60914

CVE-2025-60914 describes an access-control flaw in the Austrian Archaeological Institute Openatlas prior to version 8.12.0, where a crafted GET request to the path /display_logo can disclose sensitive information. The affected product is Openatlas (by the Austrian Archaeological Institute). The u...

4.6CVSS6.1AI score0.0016EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/24 12:0 a.m.13 views

CVE-2025-60916

CVE-2025-60916 is a reflected XSS vulnerability in Austrian OpenAtlas. The issue affects the /overview/network/ endpoint prior to OpenAtlas v8.12.0, where an attacker can inject a crafted payload into the charge parameter to execute arbitrary JavaScript in a user’s browser. The Red Hat/EU ENISA/O...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/24 12:0 a.m.20 views

CVE-2025-60917

CVE-2025-60917 is a reflected XSS in Austrian Archaeological Institute Openatlas prior to v8.12.0, discovered via the /overview/network/ endpoint where an attacker injects a payload into the color parameter to run code in a user’s browser. The vulnerability arises from unvalidated/reflected input...

4.6CVSS5.9AI score0.00189EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder