Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.8 views

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.4AI score0.00194EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Starting from version 7.0.8 and before version 7.0.10, authenticated users could use the MSETNX command to trigger a runtime assertion and terminate the Redis server process. This issue was fixed in Redis version 7.0.10...

5.5CVSS5.2AI score0.54978EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.5 views

CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

5.4CVSS5.7AI score0.00155EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:14 p.m.4 views

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33979

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:26 a.m.4 views

CVE-2026-23542

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...

5.5AI score0.00391EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 11:21 p.m.6 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...

7.8CVSS7.3AI score0.00134EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36485

Name of the Vulnerable Software and Affected Versions: Avigilon ACM version 7.10.0.20 Description: A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. Recommendations: At the moment, there is no information about...

9.8CVSS7.4AI score0.02695EPSS
Exploits1References10
OSV
OSV
added 2025/07/15 8:15 p.m.4 views

UBUNTU-CVE-2025-53029

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

2.3CVSS5.8AI score0.00219EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.3 views

Zyxel NWA50AX PRO 路径遍历漏洞

The Zyxel NWA50AX PRO is a wireless router from China Hopkins Zyxel. A path traversal vulnerability exists in Zyxel NWA50AX PRO 7.10 ACGE.2 and earlier versions, which stems from a path traversal in the fileupload-cgi CGI program that could lead to the deletion of configuration files...

7.2CVSS6.6AI score0.00508EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.5 views

PT-2023-24726 · Mongoose · Mongoose

Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 7.10 Description: The issue arises from the HTTP server in Mongoose accepting requests with negative Content-Length headers. This can be exploited by an attacker sending a single malicious payload over TCP, causing...

7.5CVSS7.1AI score0.01013EPSS
Exploits0References10
OSV
OSV
added 2023/05/15 10:15 p.m.6 views

AZL-26736 CVE-2023-2700 affecting package libvirt for versions less than 7.10.0-5

A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's gautoptr cleanup...

5.5CVSS6.7AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.5 views

Karmasis Infraskope Agent 访问控制错误漏洞

Karmasis Infraskope Agent is an application logger from Karmasis. An Access Control Error vulnerability exists in Karmasis Infraskope Agent versions prior to 7.10.00, which stems from improper access control in the application and can be exploited by an attacker to corrupt the page listing the...

7.5CVSS6.8AI score0.00568EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.5 views

PT-2022-15843 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows OS Command Injection via Documentconverter, for example, through an email attachment. Recommendations: For OX App Suite versions 7.10.6 and earlier, update to a version...

9.8CVSS9.6AI score0.0305EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.23 views

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE that stem...

5CVSS5.2AI score0.00505EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/08/25 12:0 a.m.5 views

PT-2021-6753 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 and later Description: The issue is related to incorrect authorization in GitLab, a platform for collaborative code development. Under specific conditions, it allows existing users to use an invite URL intended for...

5CVSS4.5AI score0.00505EPSS
Exploits0References14
OSV
OSV
added 2021/01/12 10:15 p.m.3 views

CVE-2021-23932

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename...

6.1CVSS6.4AI score0.01133EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 2:15 p.m.3 views

CVE-2020-8542

OX App Suite through 7.10.3 allows XSS...

5.4CVSS5.8AI score0.01206EPSS
Exploits3References4
CNVD
CNVD
added 2019/06/10 12:0 a.m.3 views

SalesAgility SuiteCRM SQL Injection Vulnerability (CNVD-2019-16997)

SalesAgility SuiteCRM is a suite of enterprise-grade open source customer relationship management CRM. A SQL injection vulnerability exists in SalesAgility SuiteCRM versions 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5, which can be exploited by an attacker to execute illegal SQL commands...

9.8CVSS8.2AI score0.0106EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/26 12:0 a.m.5 views

SAP TREX Code Injection Vulnerability

SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. A code injection vulnerability exists in SAP TREX version 7.10. The vulnerability can be exploited by a remote attacker to read or write to arbitrary files and execute arbitrary code with the help of the fd...

9.8CVSS9.8AI score0.02354EPSS
Exploits0References1
Rows per page
Query Builder