Lucene search
K

102 matches found

CVE
CVE
added 2025/04/23 3:33 p.m.220 views

CVE-2025-32969

Summary: CVE-2025-32969 affects XWiki Platform REST server and related components, enabling unauthenticated remote SQL injection by escaping the HQL execution context in the REST API query endpoint. Affected versions are 1.8 through before 15.10.16, and before 16.4.6 and 16.10.1. Successful explo...

9.8CVSS8AI score0.79487EPSS
In wildExploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.8 views

PT-2025-17303 · Unknown · Electrolink 500W

Name of the Vulnerable Software and Affected Versions: Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web versions v01.07 through v01.09 Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Display versions v1.2 through v1.4 Description: A credential exposure issue allows unauthorized attackers t...

7.5CVSS6.3AI score0.0168EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16417

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 Description The issue allows a high-privileged attacker with network access via multiple protocols to compromise MyS...

7.5CVSS5.6AI score0.01226EPSS
Exploits2References312
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.4 views

PT-2025-16313 · WordPress · Advance Wp Query Search Filter

Name of the Vulnerable Software and Affected Versions: Advance WP Query Search Filter versions 1.0.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS in the Advance WP Query...

7.1CVSS7AI score0.00208EPSS
Exploits0References6
Rosalinux
Rosalinux
added 2025/04/11 10:8 p.m.12 views

Advisory ROSA-SA-2025-2844

Software: gtk3 3.22.30 OS: ROSA Virtualization 2.1 packageevrstring: gtk3-3.22.30-12.rv3 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...

7CVSS7AI score0.00464EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.6 views

PT-2025-15864 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions 21.4 prior to 21.4R3-S10 Junos OS versions 22.2 prior to 22.2R3-S6 Junos OS versions 22.4 prior to 22.4R3 Junos OS versions 23.2 prior to 23.2R1-S2, 23.2R2 Description: An issue in the...

6.9CVSS6.4AI score0.00382EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.6 views

PT-2025-15862 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions from 21.4 before 21.4R3-S8 Junos OS versions from 22.2 before 22.2R3-S6 Junos OS versions from 22.4 before 22.4R3-S2 Junos OS versions from 23.2 before 23.2R2-S3 Junos OS versions from 23...

6.8CVSS6.5AI score0.00139EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.11 views

PT-2025-15130 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service DOS through an out-of-bounds read. Recommendations: For versions prior to 5.0.2, update to a version newer than 5.0.2 to resolve t...

3.3CVSS6.2AI score0.00137EPSS
Exploits0References5
OSV
OSV
added 2025/03/26 4:13 p.m.12 views

CVE-2025-30164 Icinga Web 2 has open redirect on login page

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

4.1CVSS6.2AI score0.00249EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/03/25 12:0 a.m.4 views

PT-2025-12741 · WordPress · Wp-Advanced-Search

Name of the Vulnerable Software and Affected Versions: WP-Advanced-Search versions prior to 3.3.9.3 Description: The issue concerns the WordPress WP-Advanced-Search plugin, where some settings are not properly sanitized and escaped. This could allow high-privilege users, such as admins, to perfor...

3.5CVSS5.7AI score0.003EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/03/06 12:0 a.m.7 views

PT-2025-9903 · Samsung · Samsung Notes

Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.26.71 Description: The issue is related to an out-of-bounds read in the parsing of RLE Run-Length Encoding of BMP images. This allows local attackers to read out-of-bounds memory, potentially leading to...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References4
Rosalinux
Rosalinux
added 2025/03/01 9:41 p.m.27 views

Advisory ROSA-SA-2025-2750

Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-33.rv3 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...

8.8CVSS7.2AI score0.03969EPSS
Exploits8
Rosalinux
Rosalinux
added 2025/03/01 9:21 p.m.16 views

Advisory ROSA-SA-2025-2724

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8.0.1.rv30.1 CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the implementation of the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...

6.5CVSS6.6AI score0.01383EPSS
Exploits0
Rosalinux
Rosalinux
added 2025/02/15 10:9 p.m.16 views

Advisory ROSA-SA-2025-2683

Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-148.0.3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...

8.6CVSS8.7AI score0.01284EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 4:49 a.m.10 views

CVE-2021-37626

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

7.2CVSS6.8AI score0.01254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:45 p.m.7 views

CVE-2022-36051

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...

8.8CVSS6.7AI score0.00788EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.11 views

PT-2025-2609 · Ibm · Ibm Cics Tx Advanced +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced versions 10.1 through 11.1 IBM CICS TX Standard version 11.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...

7.2CVSS6.3AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.7 views

PT-2024-36160 · Unknown · Wp-Nerd Toolkit

Name of the Vulnerable Software and Affected Versions: WP-NERD Toolkit versions n/a through 1.1 Description: The issue is related to the exposure of sensitive system information to an unauthorized control sphere. This problem affects the WP-NERD Toolkit, allowing unauthorized access to confidenti...

7.5CVSS6.7AI score0.00467EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/30 12:0 a.m.3 views

PT-2024-35866 · Unknown · Aftab Husain Vertical Carousel

Name of the Vulnerable Software and Affected Versions: Aftab Husain Vertical Carousel versions 1.0.2 and earlier Description: The issue affects Aftab Husain Vertical Carousel, allowing Stored XSS due to improper neutralization of input during web page generation. This is a Cross-site Scripting...

6.5CVSS8.8AI score0.00283EPSS
Exploits0References6
OSV
OSV
added 2024/11/05 7:15 p.m.22 views

PYSEC-2024-202

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS6.3AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder