Lucene search
K

387 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-14295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset...

5.5CVSS6.4AI score0.015EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-52776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dfs-radar and temperature event locking The ath12k active pdevs are...

5.9CVSS5.8AI score0.00707EPSS
Exploits0References2
CVE
CVE
added 2025/07/14 8:17 p.m.124 views

CVE-2025-53643

CVE-2025-53643 (aiohttp) : Prior to 3.12.14, the Python parser is vulnerable to HTTP request smuggling due to not parsing trailer sections. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker may smuggle requests to bypass certain firewalls/proxy protections. Th...

7.5CVSS7.3AI score0.00297EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/07/14 7:33 p.m.7 views

GHSA-9548-QRRJ-X5PJ AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Summary The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execu...

6.3CVSS6.9AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.8 views

CVE-2024-44083

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue...

7.5CVSS6.9AI score0.01365EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.7 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

5.4CVSS5.3AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:9 a.m.7 views

CVE-2023-50722

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...

9.6CVSS6.9AI score0.00657EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:3 p.m.7 views

CVE-2025-39410

Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...

9.8CVSS8.6AI score0.00408EPSS
Exploits0References1
NVD
NVD
added 2025/05/19 7:15 p.m.8 views

CVE-2025-39410

Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...

9.8CVSS0.00408EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 6:58 p.m.7 views

CVE-2025-39410 WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...

9.8CVSS9.5AI score0.00408EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 6:58 p.m.44 views

CVE-2025-39410

CVE-2025-39410 describes a deserialization of untrusted data vulnerability in the WordPress plugin “Smart Sections Theme Builder – WPBakery Page Builder Addon” (versions up to 1.7.8). Public data in the connected documents confirms a PHP Object Injection flaw that affects this addon, with CVSS v3...

9.8CVSS8.6AI score0.00408EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 6:58 p.m.39 views

CVE-2025-39410 WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...

9.8CVSS0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

WordPress plugin Smart Sections Theme Builder - WPBakery Page Builder Addon 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Smart Sections Theme...

9.8CVSS8.5AI score0.00408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.11 views

PT-2025-22078 · Unknown · Smart Sections Theme Builder

Name of the Vulnerable Software and Affected Versions: Smart Sections Theme Builder - WPBakery Page Builder Addon versions 1.7.8 and earlier Description: The issue is related to the deserialization of untrusted data in the Smart Sections Theme Builder - WPBakery Page Builder Addon. This could...

9.8CVSS9.2AI score0.00408EPSS
Exploits0References4
Snyk
Snyk
added 2025/04/25 3:31 p.m.3 views

Incorrect Authorization

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper permission checks in the AJAX section delete functionality. An attacker can delete course sections without having the necessary permissions by exploiting this...

5.3CVSS6.7AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2025/04/25 3:15 p.m.5 views

UBUNTU-CVE-2025-3644

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify...

4.3CVSS5.8AI score0.00273EPSS
Exploits0References5
CVE
CVE
added 2025/04/25 2:43 p.m.75 views

CVE-2025-3644

CVE-2025-3644 : A flaw in Moodle allows a user to delete course sections without proper modify permissions. The connected sources confirm Moodle as affected, citing insufficient permission checks as the root cause; the available details do not specify affected versions beyond Moodle in general, n...

4.3CVSS4.5AI score0.00273EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.6 views

Moodle 安全漏洞

Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from a lack of a checking mechanism that can be exploited by an attacker to delete sections o...

4.3CVSS6.8AI score0.00273EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.4 views

PT-2025-17919

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw was found in the software, where additional checks were required to prevent users from deleting course sections they did not have permission to modify. Recommendations At the moment,...

4.3CVSS5.8AI score0.00273EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2025/03/15 2:16 a.m.15 views

CVE-2025-25615

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections...

6CVSS6.8AI score0.00454EPSS
Exploits0References1
Rows per page
Query Builder