Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2025/12/23 11:31 a.m.3 views

CVE-2025-59886

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to...

8.8CVSS6.4AI score0.00278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/22 1:35 p.m.5 views

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS7.2AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 9:30 p.m.5 views

EUVD-2025-204604

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS6.7AI score0.00278EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:48 a.m.4 views

CVE-2022-31734

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.250SY...

6.1CVSS6.5AI score0.00576EPSS
Exploits0References1
OSV
OSV
added 2024/03/01 6:30 p.m.9 views

GHSA-HP2X-6VRM-7J7V Apache Archiva Reflected Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...

5.4CVSS5.9AI score0.01341EPSS
Exploits0References5
OSV
OSV
added 2024/03/01 4:15 p.m.4 views

CVE-2024-27138

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...

7.5CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2024/03/01 3:41 p.m.95 views

CVE-2024-27138

CVE-2024-27138 concerns an Incorrect Authorization vulnerability in Apache Archiva. The affected software is Apache Archiva (retired/no longer maintained). The issue arises from a configuration that disables user registration, which can be bypassed, allowing unauthorized users to register or acce...

7.5CVSS7.4AI score0.01192EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/22 4:15 p.m.29 views

Command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to...

7.7CVSS7.7AI score0.32088EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder