Lucene search
K

26 matches found

Cvelist
Cvelist
added 2026/03/18 12:0 a.m.19 views

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.8 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.8CVSS7.4AI score0.00874EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/12 10:46 a.m.7 views

CVE-2025-7632

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

7.3CVSS6AI score0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 12:30 p.m.5 views

EUVD-2025-84365

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

7.3CVSS5.6AI score0.00426EPSS
Exploits0References2
NVD
NVD
added 2025/11/11 11:15 a.m.4 views

CVE-2025-7632

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

7.3CVSS0.00426EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 11:15 a.m.3 views

CVE-2025-7632

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

5.4CVSS5.8AI score0.00426EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/11 10:29 a.m.6 views

CVE-2025-7632 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

7.3CVSS0.00426EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 10:29 a.m.4 views

CVE-2025-7632 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

7.3CVSS5.7AI score0.00426EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 10:29 a.m.14 views

CVE-2025-7632

The CVE-2025-7632 entry relates to ZOHO ManageEngine Exchange Reporter Plus (web-based reporting tool). A stored cross-site scripting (XSS) flaw exists in the Public Folders report for versions 5723 and below, enabling scripts to be stored and potentially executed when other users access the affe...

7.3CVSS5.7AI score0.00426EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.5 views

ZOHO ManageEngine Exchange reporter Plus 安全漏洞

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

7.3CVSS6AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46319

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below Description The software is susceptible to a Stored Cross-Site Scripting XSS issue within the Public Folders report functionality. This allows for the injection of malicious...

7.3CVSS5.6AI score0.00426EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-45213

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00874EPSS
Exploits0References2
Veracode
Veracode
added 2024/12/27 4:41 a.m.8 views

Unauthorized Source Code Disclosure

astro is vulnerable to unauthorized source code disclosure. The vulnerability is due to the inclusion of sourcemap files in publicly accessible folders during the build process, allowing unauthenticated users to access server source code via HTTP GET requests...

7.8CVSS6.9AI score0.01465EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/01/13 9:15 p.m.30 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.8CVSS8.8AI score0.00874EPSS
Exploits0References2
OSV
OSV
added 2023/01/13 9:15 p.m.2 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.8CVSS6AI score0.00874EPSS
Exploits0References2
Prion
Prion
added 2023/01/13 9:15 p.m.13 views

Design/Logic Flaw

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

6.5CVSS8.7AI score0.00874EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/01/13 12:0 a.m.115 views

CVE-2022-42136

CVE-2022-42136 affects MailEnable on Windows. Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had access, enabling an attacker to store arbitrary code on those files and execute Remote Code Execution (RCE). The ...

8.8CVSS8.7AI score0.00874EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.4 views

PT-2023-14065 · Mailenable · Mailenable

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows authenticated mail users, under specific circumstances, to add files with unsanitized content in public folders where the IIS user had...

8.8CVSS8.8AI score0.00874EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/01/13 12:0 a.m.33 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.9AI score0.00874EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/01/13 12:0 a.m.9 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.8AI score0.00874EPSS
Exploits0References2
Rows per page
Query Builder