Lucene search
K

76 matches found

OSV
OSV
added 5 days ago8 views

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00156EPSS
Exploits0
CVE
CVE
added 2026/06/26 2:52 p.m.10 views

CVE-2026-56060

The CVE concerns the WordPress plugin Print Invoice & Delivery Notes for WooCommerce . Affected: WooCommerce plugin versions up to and including 7.1.1 . Vulnerability: Unauthenticated Sensitive Data Exposure when generating prints for invoices and delivery notes, allowing access to confidential d...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 5:23 p.m.22 views

CVE-2026-39335 ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls

ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...

6.1CVSS0.00252EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:23 p.m.1 views

CVE-2026-39335

ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...

6.1CVSS5.9AI score0.00252EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30948

ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...

6.1CVSS5.9AI score0.00252EPSS
Exploits1References2
NVD
NVD
added 2026/02/20 4:22 p.m.13 views

CVE-2026-22352

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through = 7.1.1...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.26 views

CVE-2026-22352 WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through = 7.1.1...

7.1CVSS0.0018EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-64775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0...

7.5CVSS6.8AI score0.01456EPSS
Exploits0References2
Atlassian
Atlassian
added 2025/12/02 11:27 p.m.13 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-core Dependency Vulnerability in Crowd Data Center and Server

This High severity Improper Authorization vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker...

8.7CVSS7.3AI score0.00634EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-0474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da...

9.3CVSS8.4AI score0.02139EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-0405

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and...

9.3CVSS8.4AI score0.01818EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Google Android 安全漏洞

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Framework of Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, which can be exploited by an attacker to elevate privileges...

7.8CVSS7.1AI score0.00073EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.4 views

DesDev DedeCMS 代码问题漏洞

DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. A code issue vulnerability exists in DesDev...

9.8CVSS4.4AI score0.02476EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/10 4:19 p.m.13 views

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

6.8AI score0.00818EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-27184 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.112-UTF8 Description: A vulnerability has been found in DedeCMS, affecting an unknown functionality of the file update guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can...

7.5CVSS4.6AI score0.00915EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.6 views

PT-2023-27681 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to and including 5.7.110 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located at the "/dede/vote add.php" API endpoint via the votename and voteitem1...

5.4CVSS5.5AI score0.00387EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.4 views

Fortinet FortiADC 路径遍历漏洞

Fortinet FortiADC is an application delivery controller from Fortinet. A security vulnerability exists in FortiADC version 7.2.0 and versions prior to 7.1.1 that stems from the presence of a relative path traversal, which allows a privileged attacker to remove arbitrary directories from the...

7.1CVSS7.1AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/02 12:0 a.m.5 views

Enc Security Enc DataVault 数据伪造问题漏洞

Enc Security Enc DataVault is a solution from the Dutch company Enc Security. Turn any Usb drive into a secure removable disk for important files. ENC DataVault suffers from an encryption issue vulnerability that stems from ENC DataVault 7.1.1W using an incorrect encryption algorithm, which can b...

6.4CVSS5.6AI score0.00486EPSS
Exploits0References5
OSV
OSV
added 2021/02/03 1:15 p.m.2 views

CVE-2020-29165

PacsOne Server PACS Server In One Box below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges...

9.8CVSS7.3AI score0.01718EPSS
Exploits1References2
CNVD
CNVD
added 2020/11/17 12:0 a.m.2 views

Micro Focus ArcSight Logger Cross-Site Scripting Vulnerability (CNVD-2020-65165)

ArcSight Logger is a log management solution optimized for extremely high event throughput, efficient long-term storage and fast data analysis. A cross-site scripting vulnerability exists in Micro Focus ArcSight Logger versions prior to 7.1.1. Detailed vulnerability details are not available at...

6.1CVSS6.2AI score0.00634EPSS
Exploits0References1
Rows per page
Query Builder