Lucene search
+L

82 matches found

RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.6 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS5.4AI score0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 4:48 p.m.5 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS5.3AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/20 4:48 p.m.29 views

CVE-2026-27504 SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 3:28 p.m.7 views

GHSA-68RR-P4FP-J59V Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

9.2CVSS5.8AI score0.00471EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/03 12:0 a.m.4 views

CVE-2025-65923

A Stored Cross-Site Scripting XSS vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

5.6AI score0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

TencentOS Server 3: libssh (TSSA-2025:0983)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0983 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.8CVSS7.1AI score0.00407EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 10:52 p.m.3 views

CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS6.1AI score0.00262EPSS
Exploits1References4
NVD
NVD
added 2026/01/09 5:15 p.m.10 views

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

6.1CVSS0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.16 views

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...

8.1CVSS7AI score0.01018EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 8:15 p.m.5 views

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS5.8AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50566

Name of the Vulnerable Software and Affected Versions Ibexa versions 5.0.0-beta1 through 5.0.3 Description Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 lack proper password validation during password changes. An error introduced during the...

8.5CVSS6.5AI score0.00123EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.11 views

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

5.4CVSS5.4AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/11/20 12:0 a.m.24 views

CVE-2025-60796

CVE-2025-60796 affects phpPgAdmin 7.13.0 and earlier, with multiple reflected XSS vulnerabilities across components (e.g., sequences.php, indexes.php, admin.php, and other files). User input from $_REQUEST is echoed into HTML without proper encoding or sanitization, enabling attackers to execute ...

6.1CVSS6AI score0.00228EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/11/19 1:17 p.m.12 views

CVE-2024-8527 ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

8.6CVSS0.00155EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/11/05 9:32 a.m.11 views

Revive Adserver: Stored-XSS in campaign name displayed in Banners modal

Description: A low-privilege authenticated user can create or edit advertiser/campaign names containing HTML/JavaScript. Those values are stored in the application and later rendered without proper HTML escaping in the admin Inventory → Banners advertiser/campaign picker. When an administrator...

6.5CVSS6.7AI score0.00203EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-2568

Malware in sbrugna...

5.4CVSS5.6AI score0.00545EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-0935

Malware in sbrugna...

2.9CVSS6.4AI score0.00532EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-1379

Malware in sbrugna...

6.1CVSS6.3AI score0.01132EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0513

Malware in sbrugna...

6.5CVSS6.5AI score0.01403EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-13679

Malware in sbrugna...

6.5CVSS5AI score0.00812EPSS
Exploits0References3
Rows per page
Query Builder