Lucene search
K

219 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 12:31 p.m.12 views

CVE-2010-2469

The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device...

5CVSS7.2AI score0.01324EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:16 p.m.7 views

CVE-2012-1614

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via 1 a direct request to plugins/visiblehookpoints/index.php, an invalid 2 page or 3 cat parameter to thumbnails.php, an invalid 4 page parameter to usermgr.php, or an invalid 5 newerthan or 6 oldertha...

5CVSS6.4AI score0.08711EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:11 a.m.9 views

CVE-2013-5118

Cross-site scripting XSS vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message...

4.3CVSS5.6AI score0.02418EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:52 a.m.13 views

CVE-2013-3419

Cross-site scripting XSS vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981...

4.3CVSS5.9AI score0.00942EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.8 views

CVE-2010-3686

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...

5CVSS7.3AI score0.02372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:8 a.m.6 views

CVE-2013-4093

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via 1 a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...

5CVSS6.6AI score0.06883EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:46 a.m.10 views

CVE-2013-3574

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath aka mount parameter...

7.8CVSS7AI score0.0491EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 11:46 p.m.7 views

CVE-2003-0785

ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering...

7.5CVSS6.9AI score0.01487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:56 p.m.9 views

CVE-2009-1076

Sun Java System Identity Manager IdM 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

5CVSS7.1AI score0.0229EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/21 12:31 a.m.34 views

CVE-2025-5013 HkCms Search index.html cross site scripting

A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack...

5.3CVSS0.00562EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/16 1:0 a.m.21 views

CVE-2025-4734 Campcodes Sales and Inventory System ci_update.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ciupdate.php. The manipulation of the argument id/name leads to sql injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS0.00451EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.10 views

PT-2025-21182 · Unknown · Sma1000 Appliance

Name of the Vulnerable Software and Affected Versions: SMA1000 Appliance affected versions not specified Description: A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker coul...

7.2CVSS6.9AI score0.0031EPSS
Exploits0References12
CVE
CVE
added 2025/05/11 4:0 p.m.61 views

CVE-2025-4541

CVE-2025-4541 affects LmxCMS 1.41. The vulnerability is in the function manageZt of the file c/admin/ZtAction.class.php within the POST Request Handler. Manipulation of the sortid argument enables SQL injection, with remote exploitation possible and a public exploit present. Multiple sources conf...

8.8CVSS6.9AI score0.00409EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/05/09 9:0 p.m.21 views

CVE-2025-4490 Campcodes Online Food Ordering System view-ticket-admin.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS0.00569EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/04/14 10:0 p.m.19 views

CVE-2025-3592 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.1CVSS0.00334EPSS
Exploits1References4
CVE
CVE
added 2025/04/14 10:0 a.m.75 views

CVE-2025-3561

CVE-2025-3561 affects ghostxbh uzy-ssm-mall 1.0.0. The vulnerability is CSRF due to an unknown vulnerable function, potentially exploitable remotely. Exploit appears publicly disclosed. Connected sources align on the product/version and impact; no official patch/version fix is documented here. PT...

6.5CVSS4.6AI score0.00299EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2025/04/10 12:0 a.m.7 views

Tenda FH1202 Improper Access Control Vulnerability

The Tenda FH1202 is a wireless router manufactured by Tenda in China. An improper access control vulnerability exists in the Tenda FH1202. The vulnerability stems from improper access control due to the handling of the file /goform/wrlwpsset. An attacker can exploit this vulnerability to launch a...

6.9CVSS7AI score0.00564EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/04/01 12:0 a.m.7 views

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform arises from the lack of measures taken to protect the structure of web pages. This vulnerability allows attackers to carry out XSS attacks.

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS5.4AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/31 7:0 a.m.12 views

CVE-2025-2981 Legrand SMS PowerView cross site scripting

A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. This issue affects some unknown processing. The manipulation of the argument redirect leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...

5.1CVSS3.7AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/27 1:0 p.m.9 views

CVE-2025-2847 Codezips Gym Management System over_month.php sql injection

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/overmonth.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The...

6.5CVSS6.8AI score0.00476EPSS
Exploits1References4
Rows per page
Query Builder