Lucene search
K

797 matches found

NVD
NVD
added 2026/03/23 10:16 p.m.3 views

CVE-2025-60948

Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...

5.4CVSS0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-27211

Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...

5.1CVSS5.6AI score0.00206EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.20 views

Security Updates for Microsoft System Center Operations Manager (March 2026)

The version of Microsoft System Center Operations Manager installed on the remote Windows host is affected by an elevation of privilege vulnerability. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected SCOM instance. %NASLMINLEVEL...

8.8CVSS7.1AI score0.0106EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/12 5:56 p.m.4 views

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

6.5CVSS5.8AI score0.00737EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.30 views

CVE-2026-24640

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...

6.6CVSS0.00632EPSS
Exploits0References1
Amazon
Amazon
added 2026/02/18 12:0 a.m.6 views

Medium: vsftpd

Issue Overview: A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. CVE-2025-14242 Affected Packages:...

6.5CVSS5.5AI score0.00737EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.7 views

PT-2026-7269

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...

6.5CVSS6AI score0.00685EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/02/02 10:41 p.m.37 views

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

8.5CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/01/30 6:4 a.m.26 views

CVE-2026-0963

The CVE-2026-0963 entry concerns Crafty Controller's File Operations API Endpoint, where an input neutralization flaw allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerability affects the File Operations API Endpoint componen...

9.9CVSS6.5AI score0.00681EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/14 4:15 p.m.5 views

CVE-2025-14242

A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

6.5CVSS0.00737EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2026/01/14 3:34 p.m.4 views

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

6.5CVSS5.8AI score0.00737EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/14 3:23 p.m.4 views

CVE-2025-14242

A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

6.5CVSS5.5AI score0.00737EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.13 views

CVE-2023-25077

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.3AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.12 views

CVE-2023-31198

OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM...

7.2CVSS7.5AI score0.01476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.6 views

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

8.8CVSS8.3AI score0.01075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.7 views

CVE-2022-38089

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS5.8AI score0.00756EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.7 views

CVE-2022-38485

A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges...

6.5CVSS6.4AI score0.0309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0182

Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master...

5.4CVSS5.7AI score0.00974EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.8 views

CVE-2022-26041

Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors...

6.5CVSS6.8AI score0.01445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.9 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

8.8CVSS7.2AI score0.01218EPSS
Exploits0References1
Rows per page
Query Builder