Lucene search
K

14 matches found

CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Traffic Server versions 9.2.12 and earlier, as well as 10.1.1 and earlier versions. These vulnerabilities stem from an error ...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/29 9:47 p.m.14 views

EUVD-2025-36565

DNN vulnerable to stored cross-site-scripting XSS via SVG upload...

6.4CVSS5.8AI score0.00179EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 9:44 p.m.3 views

EUVD-2025-36566

DNN CKEditor Provider allows unauthenticated upload out-of-the-box...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2025/10/28 9:46 p.m.38 views

CVE-2025-64095

Summary (CVE-2025-64095) : DNN (DotNetNuke) versions before 10.1.1 are vulnerable to an unrestricted file upload due to the default HTML editor provider, allowing unauthenticated users to upload and overwrite files. This can enable website defacement and, when combined with other issues, potentia...

10CVSS6.2AI score0.44656EPSS
In wildExploits3References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/28 9:44 p.m.1 views

CVE-2025-64094 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...

6.4CVSS5.5AI score0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/28 9:44 p.m.9 views

CVE-2025-64094 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...

6.4CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/28 9:42 p.m.8 views

CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...

4.3CVSS0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.3 views

DNN 安全漏洞

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable and feature-rich. A security vulnerability exists in DNN versions prior to 10.1.1, which stems from allowing...

4.3CVSS6.5AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 2:15 a.m.3 views

CVE-2025-62897

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through 10.1.0...

5.3CVSS0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.7 views

PT-2024-31676 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions through 10.1 Description: A Cross-Site Scripting XSS issue in the "/h/rest" endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session...

5.4CVSS6AI score0.00531EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/05/26 12:0 a.m.5 views

HUAWEI EMUI/Magic UI 安全漏洞

Huawei EMUI and Huawei Magic UI are both products of Huawei, a Chinese company.Huawei EMUI is a mobile operating system based on Android.Huawei Magic UI is a smart device operating system. A security vulnerability exists in HUAWEI EMUI/Magic UI.The vulnerability stems from a lack of length...

9.8CVSS8.4AI score0.00483EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.4 views

华为智能手机安全漏洞

Huawei phones are smartphones from Huawei, a Chinese company. A security vulnerability exists in multiple Huawei SmartPhones that stems from a lack of effective permission granting and access control measures in the product. The vulnerability can be exploited by an attacker to affect the normal u...

7.5CVSS7.5AI score0.00641EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/07 12:0 a.m.6 views

IBM Emptoris Strategic Supply Management 跨站脚本漏洞

IBM Emptoris Strategic Supply Management is a platform for installing and managing the Emptoris suite of products from IBM USA. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3, which allows an attacker to alter the intended...

6.4CVSS6.5AI score0.00554EPSS
Exploits0References3
OSV
OSV
added 2017/05/22 5:29 a.m.4 views

CVE-2017-2495

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service application crash via a crafted web site that improperly interacts with the histor...

6.5CVSS7.2AI score0.00884EPSS
Exploits0References4
Rows per page
Query Builder