5655 matches found

RedhatCVE
added 2025/02/05 2:27 p.m. · 5 views

CVE-2020-2959

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Orac...

CVSS 8.6 · AI score 6.8 · EPSS 0.0262
Exploits: 0
RedhatCVE
added 2025/02/05 1:14 p.m. · 7 views

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

CVSS 8.8 · AI score 7.3 · EPSS 0.02082
Exploits: 1
RedhatCVE
added 2025/02/05 1:11 p.m. · 9 views

CVE-2015-10086

A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling...

CVSS 9.8 · AI score 7.6 · EPSS 0.00685
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 11:41 a.m. · 12 views

CVE-2024-7829

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and...

CVSS 9.8 · AI score 7 · EPSS 0.01821
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 10:37 a.m. · 9 views

CVE-2024-12228

A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 9.8 · AI score 7.4 · EPSS 0.00663
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 10:16 a.m. · 14 views

CVE-2024-3354

A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/modusers/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

CVSS 9.8 · AI score 7.3 · EPSS 0.00897
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 1:29 a.m. · 9 views

CVE-2024-11680

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...

CVSS 9.8 · AI score 9.7 · EPSS 0.91559
Exploits: 4 · References: 1
RedhatCVE
added 2025/02/04 10:28 p.m. · 3 views

CVE-2024-8301

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can b...

CVSS 9.8 · AI score 9.6 · EPSS 0.00768
Exploits: 1 · References: 1
IBM Security Bulletins
added 2025/02/04 11:18 a.m. · 12 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary: Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high integrity impact, low confidentiality impact. Vulnerability Details: CVEID: CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to t...

CVSS 7.4 · AI score 8.8 · EPSS 0.01257
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2025/01/30 12:00 a.m. · 3 views

PT-2025-4395 · Vmware · Vmware Aria Operations For Logs

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs affected versions not specified Description: The issue is related to a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script,...

CVSS 9 · AI score 8.6 · EPSS 0.00642
Exploits: 0 · References: 9
Tenable Nessus
added 2025/01/30 12:00 a.m. · 8 views

Ubiquiti Networks UniFi Improper Access Control (CVE-2016-7792)

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

CVSS 8.8 · AI score 7.5 · EPSS 0.03007
Exploits: 3 · References: 3
BDU FSTEC
added 2025/01/29 12:00 a.m. · 5 views

The vulnerability of the Open Social CMS system’s Drupal module, related to the lack of protective measures for website structures, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Open Social CMS system, Drupal, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.5 · AI score 5.2 · EPSS 0.0021
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/01/28 10:00 p.m. · 7 views

CVE-2025-0787 ESAFENET CDG appDetail.jsp cross site scripting

A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /appDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be launched remotely. The exploit has be...

CVSS 5.3 · AI score 3.7 · EPSS 0.00295
Exploits: 0 · References: 4
Cvelist
added 2025/01/28 10:00 p.m. · 17 views

CVE-2025-0786 ESAFENET CDG appDetail.jsp sql injection

A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

CVSS 6.5 · EPSS 0.00399
Exploits: 0 · References: 4
NVD
added 2025/01/28 8:15 p.m. · 13 views

CVE-2025-0784

A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can b...

CVSS 6.3 · EPSS 0.00472
Exploits: 1 · References: 4
Vulnrichment
added 2025/01/28 6:31 p.m. · 8 views

CVE-2025-0783 pankajindevops scale API Endpoint access control

A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use...

CVSS 6.5 · AI score 6.3 · EPSS 0.00306
Exploits: 0 · References: 5
Redos
added 2025/01/28 12:00 a.m. · 7 views

ROS-20250128-06

A vulnerability in the convertfromstr function of the numpy.core component of the NumPy for Python module is related to an incorrect string comparison. Exploitation of the vulnerability could allow an attacker acting remotely to initiate data copying using specially...

CVSS 5.5 · AI score 6.9 · EPSS 0.01561
Exploits: 3
CVE
added 2025/01/27 5:00 p.m. · 65 views

CVE-2025-0730

CVE-2025-0730 affects TP-Link TL-SG108E (version 1.0.0 Build 20201208 Rel. 40304). The vulnerability is in an unknown function of the HTTP GET Request Handler for /usr_account_set.cgi, where manipulating the username/password parameters in a GET request can disclose sensitive query data and is po...

CVSS 6.3 · AI score 7 · EPSS 0.00663
Exploits: 1 · References: 6 · Affected Software: 1
Packet Storm News
added 2025/01/23 12:00 a.m. · 4 views

7-Zip Mark-of-the-Web Bypass

Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...

CVSS 7 · AI score 7 · EPSS 0.67071
Exploits: 8
Positive Technologies
added 2025/01/21 12:00 a.m. · 3 views

PT-2025-4237 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue is related to the Server: Optimizer component of MySQL Server, allowing an attacker with low privileges...

CVSS 9.1 · AI score 6.8 · EPSS 0.16212
Exploits: 3 · References: 347