Lucene search
K

20 matches found

OSV
OSV
added 2026/05/11 6:32 p.m.4 views

CVE-2026-42872 WeGIA: Reflected XSS in listar_arquivos_etapa.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:0 a.m.3 views

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

9.9CVSS6AI score0.00289EPSS
Exploits1References3
CVE
CVE
added 2026/02/18 8:37 p.m.12 views

CVE-2026-0573

CVE-2026-0573 affects GitHub Enterprise Server. The repository_pages API insecurely follows HTTP redirects when fetching artifact URLs, preserving the Authorization header containing a privileged JWT. An authenticated user could redirect requests to an attacker-controlled domain, exfiltrate the A...

9CVSS6.2AI score0.00645EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:48 p.m.4 views

CVE-2026-23730

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle...

6.1CVSS5.6AI score0.00212EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2025/12/05 5:47 p.m.7 views

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.7CVSS5.3AI score0.00251EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3116

Malware in sbrugna...

7.8CVSS7.7AI score0.00411EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:44 a.m.7 views

CVE-2023-5904

Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

5.4CVSS6AI score0.00449EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:37 a.m.8 views

CVE-2019-5402

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

10CVSS7AI score0.04296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:17 a.m.9 views

CVE-2012-6714

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words...

6.1CVSS6AI score0.00913EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

CVE-2025-32826

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.7CVSS5.8AI score0.00683EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/28 12:0 a.m.16 views

PT-2024-29710 · Splashtop · Splashtop Streamer

Name of the Vulnerable Software and Affected Versions: Splashtop Streamer for Windows versions prior to 3.7.0.0 Description: The MSI installer for Splashtop Streamer for Windows uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges...

7CVSS7.3AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/07/03 12:0 a.m.7 views

PT-2023-4535

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.09 Description The issue is related to insufficient access control in the Nullsoft Scriptable Install System, which can be exploited by a remote attacker to elevate their privileges...

5.3CVSS6.1AI score0.00892EPSS
Exploits0References30
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.4 views

Pure Storage FlashBlade 和 FlashArray 安全漏洞

Pure Storage FlashArray and Pure Storage FlashBlade are both products of Pure Storage, Inc. the Pure Storage FlashArray is an all QLC flash storage array. the Pure Storage FlashBlade is a consolidated storage platform for file and object Pure Storage FlashBlade is a consolidated storage platform...

9CVSS7.9AI score0.01072EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.6 views

guake 安全漏洞

guake is a python-based drop-down terminal designed for the GNOME desktop environment. A security vulnerability exists in guake that stems from guake exposing the executecommand and executecommandbyuuid methods via the d-bus interface, which allows a malicious user to run arbitrary commands via t...

8CVSS7.8AI score0.01113EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/08/06 12:0 a.m.6 views

NetApp Cloud Manager 信息泄露漏洞

Netapp NetApp Cloud Manager is an application from Netapp, Inc. which provides centralized orchestration of hybrid cloud storage and data management services. An information disclosure vulnerability exists in NetApp Cloud Manager, which stems from a flaw in the configuration of the product. An...

4.3CVSS5.2AI score0.00646EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

3S-Smart Software Solutions CODESYS Control runtime system 缓冲区错误漏洞

3S-Smart Software Solutions CODESYS Control runtime system is an application system from 3S-Smart Software Solutions, Germany. It is used for the conversion of any type of smart device to an IEC 61131-3 controller. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control...

9.8CVSS8.3AI score0.01144EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/03 12:0 a.m.7 views

Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2021-09040)

Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in Rocket.Chat server versions prior to 3.9.0, which stems from the drag-and-drop functionality being susceptible to XSS attacks. No details of the vulnerability are available at this time...

5.4CVSS5.3AI score0.00903EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/10/08 12:0 a.m.13 views

PT-2018-16943 · Auto Maskin +3 · Auto-Maskin Dcu-210E +3

Name of the Vulnerable Software and Affected Versions: Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 Description: The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a...

10CVSS6.9AI score0.93305EPSS
Exploits4References18
Positive Technologies
Positive Technologies
added 2013/11/04 12:0 a.m.4 views

PT-2013-5038 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10 Description: The issue is related to the improper management of a reference count by the ipc rcu putref function in the Linux kernel, which can be exploited by local users to cause a denial of service. This...

7.8CVSS7.3AI score0.05794EPSS
Exploits6References274
Positive Technologies
Positive Technologies
added 2012/08/21 12:0 a.m.4 views

PT-2012-1244 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.9 Description: The issue is related to the scsi ioctl function in the Linux kernel, which does not properly consider the SCSI device class during authorization of SCSI commands. This allows local users to bypa...

6.6CVSS5.7AI score0.00644EPSS
Exploits1References55
Rows per page
Query Builder