Lucene search
K

27 matches found

Patchstack
Patchstack
added 2026/02/25 8:1 a.m.6 views

WordPress Photography theme <= 7.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Photography versions = 7.6.1...

7.1CVSS5.9AI score0.00191EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/12/09 5:19 p.m.5 views

EUVD-2025-202271

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7...

6.5CVSS5.7AI score0.00231EPSS
Exploits0References2
CVE
CVE
added 2025/08/12 7:0 p.m.21 views

CVE-2025-32932

CVE-2025-32932 is an XSS vulnerability in FortiSOAR web UI caused by improper input neutralization (CWE-79). Affected are FortiSOAR versions 6.4 and all 7.x releases up to 7.6.1. The impact is stored XSS that can be triggered by authenticated remote attackers via stored malicious service requests...

6.5CVSS6AI score0.00186EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2025/08/11 12:0 a.m.4 views

p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness

perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known...

8.6CVSS6.2AI score0.00388EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-32815

An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur...

6.5CVSS5.8AI score0.34188EPSS
In wildExploits0References2
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.5 views

Fortinet FortiADC 操作系统命令注入漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiADC, which stems from improper neutralization of special elements and could lead to OS command injection. The following versions are affected:...

7.2CVSS7.5AI score0.0123EPSS
Exploits0References2
OSV
OSV
added 2025/05/22 3:16 p.m.5 views

CVE-2025-32813

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...

7.2CVSS5.8AI score0.43042EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 3:16 p.m.5 views

CVE-2025-32815

An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur...

6.5CVSS5.8AI score0.34188EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.20 views

Infoblox NETMRI 安全漏洞

Infoblox NETMRI is a network management product from US-based Infoblox, Inc. can automate, provide visibility and continuous insight to help organizations intelligently manage their multi-vendor networks. A security vulnerability exists in Infoblox NETMRI versions prior to 7.6.1 that originates...

5.3CVSS6.5AI score0.06044EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/11 3:15 p.m.5 views

CVE-2024-46663

A stack-buffer overflow vulnerability CWE-121 in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands...

6.7CVSS6.2AI score0.00175EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/31 12:15 p.m.4 views

AZL-56351 CVE-2025-21667 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomapwritedelallocscan was inadvertently using a 32-bit position due to folionextindex returning an unsigned long. This could lead to an infinite loop when...

5.5CVSS6.4AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.5 views

WordPress plugin Post Grid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.2AI score0.0056EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.6 views

IBM Control Desk 信息泄露漏洞

IBM Control Desk is an application from International Business Machines IBM. Automated service management and seamlessly integrated, best-practice based service desk functionality. A security vulnerability exists in IBM Control Desk version 7.6.1, which stems from the fact that its unset HTTP Onl...

5.3CVSS5.2AI score0.00726EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 5:13 p.m.2 views

GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

8.8CVSS6.8AI score0.016EPSS
Exploits0References5
OSV
OSV
added 2021/08/12 4:15 p.m.4 views

CVE-2021-20509

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...

9.8CVSS6AI score0.01748EPSS
Exploits0References2
OSV
OSV
added 2020/09/15 2:15 p.m.4 views

CVE-2020-4521

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system...

8.8CVSS7.7AI score0.06457EPSS
Exploits0References2
OSV
OSV
added 2020/09/15 2:15 p.m.4 views

CVE-2020-4526

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436...

4.3CVSS5.7AI score0.00482EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/14 12:0 a.m.4 views

IBM Maximo Asset Management Path Traversal Vulnerability (CNVD-2020-46262)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A path traversa...

4.3CVSS6.9AI score0.01359EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/04 12:0 a.m.6 views

Elasticsearch elevation of privilege vulnerability (CNVD-2020-38868)

Elasticsearch is a set of Dutch Elasticsearch company built on Lucene open source distributed RESTful search engine . The product is mainly used in cloud computing , and supports data indexing via HTTP using JSON. A security vulnerability exists in Elasticsearch versions 6.7.0 through 6.8.7 and...

8.8CVSS6.9AI score0.01543EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 7:4 a.m.5 views

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...

9.8CVSS7.6AI score0.01717EPSS
Exploits0References6
Rows per page
Query Builder