Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-17552

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00267EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/09/02 3:31 p.m.11 views

Silverpeas Core Username Enumeration Vulnerability

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

6.5CVSS7AI score0.00331EPSS
Exploits3References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.5 views

PT-2025-35568

Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.1 through 6.4.2 Description: A user enumeration issue exists in the /CredentialsServlet/ForgotPassword endpoint. This allows remote attackers to determine valid usernames via the Login parameter. Recommendations:...

6.5CVSS6.3AI score0.00331EPSS
Exploits3References7
Cvelist
Cvelist
added 2025/06/09 12:0 a.m.10 views

CVE-2025-45055

Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...

0.00267EPSS
Exploits1References2
OSV
OSV
added 2025/06/09 12:0 a.m.5 views

CVE-2025-45055

Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...

5.4CVSS5.8AI score0.00267EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/06/09 12:0 a.m.3 views

CVE-2025-45055

Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...

5.9AI score0.00267EPSS
Exploits1References2
Rows per page
Query Builder