Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-26291

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 6:31 p.m.4 views

EUVD-2026-22834

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 4:19 a.m.28 views

CVE-2026-26291

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

GROWI 安全漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.4.6 and earlier have a security vulnerability that stems from a storage-side cross-site scripting attack, which could allow arbitrary scripts to be executed in the user...

5.4CVSS6AI score0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-32998

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/06 3:16 p.m.126 views

Exploit for CVE-2026-35616

CVE-2026-35616 - FortiClient EMS Vulnerability Detector !Py...

9.8CVSS6.3AI score0.88505EPSS
Exploits8
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.11 views

Fortinet FortiClientEms 安全漏洞

Fortinet FortiClientEms is a centralized management system developed by the American company Fortinet. Versions 7.4.5 to 7.4.6 of Fortinet FortiClientEms contain security vulnerabilities. These vulnerabilities stem from improper access control, allowing unauthorized attackers to execute...

9.8CVSS6.2AI score0.88505EPSS
Exploits8References2
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.4 views

CVE-2023-53982 PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

9.3CVSS7.5AI score0.00558EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.4 views

PT-2025-48945

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.8 Masa CMS versions prior to 7.3.13 Masa CMS versions prior to 7.4.6 Description Masa CMS is susceptible to a host header poisoning issue that can lead to account takeover through the password reset email...

8.8CVSS6.8AI score0.00171EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.4 views

Masa CMS 授权问题漏洞

Masa CMS is a digital experience platform. An authorization issue vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from host header poisoning and could lead to an account takeover via a password reset email...

8.8CVSS6.7AI score0.00171EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/18 5:1 p.m.2 views

CVE-2025-46776

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or comman...

6.4CVSS7.6AI score0.00139EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 9:15 p.m.10 views

CVE-2024-32640

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...

9.8CVSS0.68593EPSS
Exploits3References7
EUVD
EUVD
added 2025/08/11 8:38 p.m.7 views

EUVD-2024-30442

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for th...

9.8CVSS8.3AI score0.68593EPSS
Exploits3References7
CNNVD
CNNVD
added 2025/08/11 12:0 a.m.5 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform. A SQL injection vulnerability exists in MASA CMS versions prior to 7.4.6, prior to 7.3.13, and prior to 7.2.8, which stems from a SQL injection in the processAsyncObject method that could lead to remote code execution...

9.8CVSS8.4AI score0.68593EPSS
Exploits3References11
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.5 views

Fortinet FortiADC 操作系统命令注入漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiADC, which stems from improper neutralization of special elements and could lead to OS command injection. The following versions are affected:...

7.2CVSS7.5AI score0.0123EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.4 views

OTCMS 代码问题漏洞

OTCMS OTCMS is a content management system CMS for article-based websites from OTCMS. A code issue vulnerability exists in OTCMS version 7.46 and prior versions, which stems from /admin/read.php containing a server-side request forgery issue...

4.3CVSS7AI score0.00283EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/15 12:56 p.m.7 views

WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Speed Optimizer versions = 7.4.6...

5.3CVSS7AI score0.0052EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/14 5:15 p.m.4 views

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xpcmdshell can be enabled...

9.8CVSS6.5AI score0.01527EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/03/15 3:34 a.m.5 views

SUSE CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

7.3CVSS7.3AI score0.003EPSS
Exploits0References7
OSV
OSV
added 2023/03/06 9:15 p.m.3 views

CVE-2023-24734

An arbitrary file upload vulnerability in the cameraupload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file...

9.8CVSS7.6AI score0.20721EPSS
Exploits1References1
Rows per page
Query Builder