Lucene search
K

307 matches found

CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

WordPress plugin Fancy Product Designer has a security vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2026/01/05 11:15 p.m.12 views

AZL-73526 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS7AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.5 views

PT-2025-51289

Name of the Vulnerable Software and Affected Versions Soosyze version 2.0.0 Description The application has a file upload issue that permits attackers to upload arbitrary HTML files containing PHP code. This broken file upload mechanism could allow attackers to view sensitive file paths and execu...

9.8CVSS6.7AI score0.00537EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/12/09 8:27 a.m.8 views

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.7CVSS6.5AI score0.00251EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 6:15 p.m.5 views

UBUNTU-CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.7CVSS5.7AI score0.00251EPSS
Exploits0References6
CVE
CVE
added 2025/12/05 5:47 p.m.32 views

CVE-2025-66549

The CVE-2025-66549 entry concerns Nextcloud Desktop (the desktop sync client). Before version 3.16.5, locking a file inside an end-to-end encrypted directory would send the file’s path to the server unencrypted, allowing administrators to see it in logs. The root cause is unencrypted transmission...

2.7CVSS6.2AI score0.00251EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/02 1:21 a.m.4 views

EUVD-2025-36426

Keycloak unable to restrict access to the admin console...

3.7CVSS6AI score0.00386EPSS
Exploits0References7
CVE
CVE
added 2025/10/28 3:8 a.m.30 views

CVE-2025-10939

Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...

3.7CVSS6.2AI score0.00386EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/28 2:58 a.m.5 views

CVE-2025-10939

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

3.7CVSS6.1AI score0.00386EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.10 views

PT-2025-44084

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as ha-proxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the...

3.7CVSS6.5AI score0.00386EPSS
Exploits0References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-6346

Malware in sbrugna...

5CVSS6.3AI score0.03281EPSS
Exploits5References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-0746

Malware in sbrugna...

5CVSS6.4AI score0.03121EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-1176

Malware in sbrugna...

5CVSS6.4AI score0.03046EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-4163

Malware in sbrugna...

5CVSS9.2AI score0.023EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-4599

Malware in sbrugna...

5CVSS6.4AI score0.01173EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0303

Malware in sbrugna...

5CVSS6.4AI score0.01464EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-3759

Malware in sbrugna...

5CVSS6.4AI score0.01229EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-2463

Malware in sbrugna...

5CVSS6.4AI score0.01269EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-8328

Malware in sbrugna...

5.3CVSS5.5AI score0.01949EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-2395

Malware in sbrugna...

5CVSS6.4AI score0.01306EPSS
Exploits1References3
Rows per page
Query Builder