Lucene search
+L

130 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-42358

Malicious code in bioql PyPI...

6.8CVSS4.7AI score0.0008EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2618

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0101EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/09/23 3:9 p.m.9 views

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

Summary Users that can edit modules could set a title that includes scripts. Description Some users administrators and content editors can set html in module titles and that could include javascript which could be used for XSS based attacks. With the addition of more roles being able to set modul...

4.8CVSS6.2AI score0.00171EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/09/23 3:9 p.m.4 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Persona Bar module. An attacker can inject and execute arbitrary scripts by setting crafted HTML ...

4.8CVSS5.5AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2025/09/02 9:15 a.m.7 views

CVE-2025-41031

Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnovac/FotoUsuario/llamadaAjax/uploadImage’...

6.9CVSS0.00307EPSS
Exploits0References1
CVE
CVE
added 2025/09/02 8:14 a.m.10 views

CVE-2025-41030

CVE-2025-41030 affects Deporsite by T-INNOVA. The root cause is lack of authorization, allowing an unauthenticated attacker to obtain information about other users via GET /ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona using the dni parameter. The CVSSv4 base score is 6.9 (ME...

6.9CVSS6.2AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.4 views

PT-2025-35543

Name of the Vulnerable Software and Affected Versions: Deporsite by T-INNOVA affected versions not specified Description: The application lacks proper authorization, allowing an unauthenticated attacker to obtain information from other users. This is achieved by sending a GET request to the...

6.9CVSS6.3AI score0.00307EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.4 views

T-INNOVA Deporsite 安全漏洞

T-INNOVA Deporsite is an application from T-INNOVA, Inc. A security vulnerability exists in T-INNOVA Deporsite that stems from a lack of authorization and could lead to the modification of other users' avatars via POST requests and the IdPersona and Foto parameters...

6.9CVSS6.7AI score0.00307EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/07/28 12:0 a.m.4 views

Enhancing Jailbreak Attacks on LLMs Via Persona Prompts

Jailbreak attacks aim to exploit large language models LLMs by inducing them to generate harmful content, thereby revealing their vulnerabilities. Understanding and addressing these attacks is crucial for advancing the field of LLM safety. Previous jailbreak approaches have mainly focused on dire...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/17 12:0 a.m.12 views

PHASE: Passive Human Activity Simulation Evaluation

Cybersecurity simulation environments, such as cyber ranges, honeypots, and sandboxes, require realistic human behavior to be effective, yet no quantitative method exists to assess the behavioral fidelity of synthetic user personas. This paper presents PHASE Passive Human Activity Simulation...

6.6AI score
Exploits0
Veracode
Veracode
added 2025/06/10 6:3 a.m.3 views

Denial Of Service (DoS)

github.com/kuadrant/authorino is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits on post-authorization callbacks, allowing an attacker with developer persona access to overload the service...

5.7CVSS5.4AI score0.00278EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/06/09 6:30 a.m.24 views

GHSA-R8XR-PGV5-GXW3 Authorino Uncontrolled Resource Consumption vulnerability

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

5.7CVSS7.2AI score0.00278EPSS
Exploits0References4
CVE
CVE
added 2025/06/09 6:13 a.m.63 views

CVE-2025-25209

CVE-2025-25209 affects Red Hat Connectivity Link. The issue arises in the AuthPolicy metadata, where an object storing secrets assumes they already exist in the kuadrant-system instead of copying them to the referred namespace, enabling a attacker with developer persona access to leak secrets via...

5.7CVSS5.5AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2025/06/09 6:13 a.m.67 views

CVE-2025-25208

CVE-2025-25208 affects the Authorino project (github.com/kuadrant/authorino) and is described as an uncontrolled resource consumption denial of service through an authpolicy with sharedsecretref, per multiple connected entries (e.g., CVE list/circl). The core impact is that a malicious/developer ...

5.7CVSS5.6AI score0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/09 6:13 a.m.2 views

CVE-2025-25208 Rhcl: authorino denial of service through authpolicy with sharedsecretref severity

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...

5.7CVSS5.9AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2025/06/09 6:12 a.m.72 views

CVE-2025-25207

The CVE concerns Authorino in Red Hat Connectivity Link. A developer-persona attacker can flood the service with post‑authorization callbacks, and since policy enforcement is handled by a single Authorino instance, this leads to Denial of Service during post‑authorization callback processing. Doc...

5.7CVSS5.7AI score0.00278EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:0 a.m.10 views

CVE-2024-23295

A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona...

6.2CVSS5.8AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.7 views

CVE-2024-40865

The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona...

5.3CVSS6.5AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:23 p.m.5 views

CVE-2022-39913

Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T13 allows local attacker to access user profiles information...

6.8CVSS4.5AI score0.0008EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.9 views

CVE-2020-2293

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller...

6.5CVSS6.7AI score0.0101EPSS
Exploits0
Rows per page
Query Builder