Lucene search
+L

308 matches found

CVE
CVE
added 2025/11/14 6:32 p.m.21 views

CVE-2025-13174

CVE-2025-13174 affects rachelos WeRSS we-mp-rss up to 1.4.7. The vulnerability lies in the Webhook Module’s function do_job (file path: /rachelos/we-mp-rss/blob/main/jobs/mps.py). Manipulating the argument web_hook_url can lead to server-side request forgery (SSRF). The attack may be executed rem...

6.5CVSS6.5AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.4 views

PT-2025-46997

Name of the Vulnerable Software and Affected Versions Bdtask/CodeCanyon SalesERP versions up to 20250728 Description A cross-site request forgery condition exists in Bdtask/CodeCanyon SalesERP. The issue affects an unspecified component and allows for remote manipulation. The exploit is publicly...

8.8CVSS4.5AI score0.0024EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.7 views

PT-2025-47012

Name of the Vulnerable Software and Affected Versions Intelbras ICIP version 2.0.20 Description A security issue exists in Intelbras ICIP 2.0.20. Manipulation of the NomeUsuario/SenhaAcess arguments within the file /xml/sistema/acessodeusuario.xml results in credentials being stored insecurely...

7.5CVSS5.5AI score0.00516EPSS
Exploits1References9
EUVD
EUVD
added 2025/11/11 8:20 p.m.4 views

EUVD-2025-106749

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

7.6CVSS6.5AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.8 views

PT-2025-46542

Name of the Vulnerable Software and Affected Versions LOGO! 12/24RCE 6ED1052-1MD08-0BA2 affected versions not specified LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 affected versions not specified LOGO! 230RCE 6ED1052-1FB08-0BA2 affected versions not specified LOGO! 230RCEo 6ED1052-2FB08-0BA2 affected...

7.6CVSS6.4AI score0.002EPSS
Exploits0References4
OSV
OSV
added 2025/11/10 2:15 a.m.4 views

CVE-2025-12924

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

6.5CVSS5.5AI score0.00335EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/10 1:2 a.m.3 views

CVE-2025-12924 rymcu forest BankController.java GlobalResult authorization

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

5.3CVSS6.3AI score0.00335EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.5 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS6.9AI score0.0036EPSS
Exploits1References1
CVE
CVE
added 2025/11/05 12:0 a.m.25 views

CVE-2025-60784

Summary : CVE-2025-60784 affects XiaozhangBang Voluntary Like System V8.8. The vulnerable component is the Pay module function in the /topfirst.php endpoint, where the server fails to validate parameters. Impact : remote attackers can set zhekou to an abnormally low value to buy votes at reduced ...

6.5CVSS6.5AI score0.0036EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/28 4:54 p.m.6 views

CVE-2025-12293

A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...

9.8CVSS7.3AI score0.00379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.12 views

PT-2025-43760

Name of the Vulnerable Software and Affected Versions ajayrandhawa User-Management-PHP-MYSQL web affected versions not specified Description A security flaw exists in ajayrandhawa User-Management-PHP-MYSQL web. The issue involves cross-site request forgery, allowing remote attackers to perform...

5.3CVSS6.3AI score0.00265EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-43916

Name of the Vulnerable Software and Affected Versions SourceCodester Online Student Result System version 1.0 Description A security issue exists in SourceCodester Online Student Result System 1.0. The system is susceptible to SQL injection due to improper handling of the ID parameter within the...

9.8CVSS7.5AI score0.00489EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.10 views

PT-2025-44065

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A cross site scripting issue exists in code-projects E-Commerce Website version 1.0. The issue is related to the manipulation of the supp name/supp address argument within the file...

6.1CVSS5.7AI score0.00356EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/16 9:31 p.m.7 views

EUVD-2025-34825

A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/deviceservice of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9CVSS5.2AI score0.0056EPSS
Exploits0References5
NVD
NVD
added 2025/10/13 5:15 a.m.10 views

CVE-2025-11661

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public an...

9.8CVSS0.00555EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/12 6:30 p.m.6 views

EUVD-2025-33901

A vulnerability was detected in Tomofun Furbo 360 up to FB0035FW036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did n...

5.3CVSS6AI score0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-18918

Malware in sbrugna...

6.3CVSS4.6AI score0.00242EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-2966

Malware in sbrugna...

8.8CVSS6.6AI score0.00824EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-2974

Malware in sbrugna...

7.3CVSS7.1AI score0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-2572

Malware in sbrugna...

6.5CVSS6.6AI score0.02541EPSS
Exploits0References4
Rows per page
Query Builder