
102 matches found

CNNVD
added 2025/06/10 12:0 a.m. · 3 views

SAP MDM Server Security Vulnerability

SAP MDM Server is an MDM server from SAP, Germany. A security vulnerability exists in SAP MDM Server that stems from a flaw in the session control mechanism and could allow an attacker to perform non-sensitive operations or consume resources without re-authentication...

CVSS 5.6 · AI score 6.5 · EPSS 0.00208
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24489 · Lambertgroup · Lambertgroup Universal Video Player

Name of the Vulnerable Software and Affected Versions: LambertGroup Universal Video Player versions 3.8.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that a...

CVSS 7.1 · AI score 6.7 · EPSS 0.00235
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 2:17 a.m. · 16 views

CVE-2023-51447

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

CVSS 6.3 · AI score 5.8 · EPSS 0.00493
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 11:48 p.m. · 11 views

CVE-2022-41542

devhub 0.102.0 was discovered to contain a broken session control...

CVSS 5.4 · AI score 7.3 · EPSS 0.00613
Exploits: 0 · References: 1

Citrix
added 2025/05/09 12:0 a.m. · 10 views

Unable to take control during a Teams session with a Linux Workspace

Unable to take control during a Teams session with a Linux Workspace...

AI score 7.1
Exploits: 0

RedHat Linux
added 2025/05/07 12:48 p.m. · 4 views

python-asyncssh: Rogue Session Attack

A flaw was found in python-asyncssh versions before 2.14.1, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...

CVSS 6.8 · AI score 5.8 · EPSS 0.00867
Exploits: 0 · References: 5

Positive Technologies
added 2025/05/07 12:0 a.m. · 8 views

PT-2025-20220 · Woobox · Woobox

Name of the Vulnerable Software and Affected Versions: Woobox versions n/a through 1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a DOM-Based XSS vulnerability, which allows attackers to...

CVSS 6.5 · AI score 6.8 · EPSS 0.00174
Exploits: 0 · References: 4

Packet Storm
added 2025/04/22 12:0 a.m. · 296 views

Online Exam Mastering System 1.0 Cross Site Scripting

Online Exam Mastering System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage:...

CVSS 6.1 · AI score 6.2 · EPSS 0.00722
Exploits: 4

Positive Technologies
added 2025/04/17 12:0 a.m. · 2 views

PT-2025-17181 · Crm Perks · Crm Perks

Name of the Vulnerable Software and Affected Versions: CRM Perks versions 1.1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a Reflected XSS vulnerability, which means that an...

CVSS 7.1 · AI score 7.2 · EPSS 0.00191
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/17 12:0 a.m. · 2 views

PT-2025-17070 · Woocommerce · 17Track For Woocommerce

Name of the Vulnerable Software and Affected Versions: 17TRACK for WooCommerce versions 1.2.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means an attacker can...

CVSS 7.1 · AI score 7.3 · EPSS 0.00235
Exploits: 0 · References: 4

Positive Technologies
added 2025/04/17 12:0 a.m. · 6 views

PT-2025-17063 · WordPress · Wp Video Posts

Name of the Vulnerable Software and Affected Versions: WP Video Posts versions 3.5.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...

CVSS 7.1 · AI score 9.1 · EPSS 0.00235
Exploits: 0 · References: 4

Positive Technologies
added 2025/04/17 12:0 a.m. · 5 views

PT-2025-17143 · Pootlepress · Pootlepress Mobile Pages

Name of the Vulnerable Software and Affected Versions: pootlepress Mobile Pages versions 1.0.0 through 1.0.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacke...

CVSS 7.1 · AI score 7.3 · EPSS 0.0025
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/17 12:0 a.m. · 5 views

PT-2025-17075 · Deetronix · Deetronix Booking Ultra Pro

Name of the Vulnerable Software and Affected Versions: Deetronix Booking Ultra Pro versions 1.1.19 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...

CVSS 7.1 · AI score 9.1 · EPSS 0.00235
Exploits: 0 · References: 4

RedhatCVE
added 2025/04/09 11:14 a.m. · 19 views

CVE-2025-21447

Memory corruption may occur while processing device IO control call for session control...

CVSS 7.8 · AI score 7.3 · EPSS 0.00093
Exploits: 0 · References: 1

ATTACKERKB
added 2025/04/07 11:15 a.m. · 1 view

CVE-2025-21447

Memory corruption may occur while processing device IO control call for session control...

CVSS 7.8 · AI score 5.8 · EPSS 0.00093
Exploits: 0 · References: 2

NVD
added 2025/04/07 11:15 a.m. · 11 views

CVE-2025-21447

Memory corruption may occur while processing device IO control call for session control...

CVSS 7.8 · EPSS 0.00093
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/07 10:16 a.m. · 11 views

CVE-2025-21447 Improper Validation of Array Index in Computer Vision

Memory corruption may occur while processing device IO control call for session control...

CVSS 7.8 · AI score 7.5 · EPSS 0.00093
Exploits: 0 · References: 1

Cvelist
added 2025/04/07 10:16 a.m. · 14 views

CVE-2025-21447 Improper Validation of Array Index in Computer Vision

Memory corruption may occur while processing device IO control call for session control...

CVSS 7.8 · EPSS 0.00093
Exploits: 0 · References: 1

CVE
added 2025/04/07 10:16 a.m. · 55 views

CVE-2025-21447

CVE-2025-21447 affects Qualcomm Snapdragon chipsets. The issue is memory corruption occurring when processing a device IOCTL call for session control, caused by an underlying vulnerability in the IOCTL handling path. The provided sources (NVD/Red Hat/CVE record and related feeds) confirm the memo...

CVSS 7.8 · AI score 7.3 · EPSS 0.00093
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/05/14 3:45 p.m. · 30 views

CVE-2024-4822

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

CVSS 6.5 · AI score 6.3 · EPSS 0.00439
Exploits: 0 · References: 1