Lucene search
+L

56 matches found

EUVD
EUVD
added 2025/10/21 6:30 p.m.4 views

EUVD-2025-35186

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

6.9CVSS6.6AI score0.00162EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/21 6:30 p.m.13 views

Liferay Portal fails to verify messages from the cluster network is trusted

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

6.9CVSS7.2AI score0.00162EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/10/01 7:46 a.m.4 views

External Initialization of Trusted Variables or Data Stores

Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are...

6.4CVSS7.6AI score0.00181EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2025/09/16 4:0 p.m.8 views

Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era

The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference September 15-18, 2025, in Vienna, Austria. This event is Microsoft’s largest tech conference in Europe, where data professionals gather to connect and share insights on data,...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.2 views

PT-2025-28537

Name of the Vulnerable Software and Affected Versions Windows BitLocker affected versions not specified Description An issue exists where the acceptance of extraneous untrusted data alongside trusted data allows an unauthorized attacker to bypass a security feature. This exploit requires physical...

7.2CVSS6AI score0.00548EPSS
Exploits1References23
OSV
OSV
added 2025/05/13 5:15 p.m.3 views

CVE-2025-29842

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/16 12:0 a.m.6 views

Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets

Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...

6.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/05 3:48 a.m.2 views

SUSE CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

5.3CVSS7.3AI score0.00376EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.6 views

EC-CUBE 安全漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE that stems from the presence of an Accept External Untrusted Data and Trusted Data vulnerability, where an attacker who gains administrative privileges may be able to install...

7.2CVSS6.7AI score0.00267EPSS
Exploits0References4
OSV
OSV
added 2024/07/25 8:15 a.m.4 views

CVE-2024-41707

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...

5.4CVSS5.9AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.10 views

PT-2024-29527 · Rsa · Archer Platform

Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 2024.06 Description: An issue allows authenticated users to achieve HTML content injection. A remote authenticated malicious user could exploit this to store malicious HTML code in a trusted application data...

5.4CVSS7.2AI score0.00288EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/04/04 12:0 a.m.7 views

The vulnerability of the Grafana monitoring and observation platform lies in the redirection of the URL address to an unreliable website, allowing a hacker to redirect users to any desired website.

The vulnerability of the Grafana monitoring and observation platform relates to bypassing security configurations, if a malicious data source operates on a permitted host. Exploiting this vulnerability could allow a remote attacker to redirect users to an arbitrary website...

8.5CVSS7.9AI score0.01191EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2024/03/08 2:15 a.m.3 views

CVE-2024-26313

Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data...

5.4CVSS5.8AI score0.00505EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/12 8:15 a.m.2 views

CVE-2023-48642

Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...

5.4CVSS5.9AI score0.00463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.4 views

PT-2023-30867 · Rsa · Archer Platform

Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6.x through 6.13 P2 6.13.0.2 Description: The issue allows a remote authenticated malicious Archer user to store malicious HTML code in a trusted application data store. When victim users access the data store through...

5.4CVSS5.3AI score0.00463EPSS
Exploits0References4
Snyk
Snyk
added 2023/05/19 12:0 a.m.4 views

Acceptance of Extraneous Untrusted Data With Trusted Data

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the processing of shortcodes in user-generated content. An attacker can manipulate...

6.9CVSS7AI score
Exploits0References2
CNNVD
CNNVD
added 2023/05/01 12:0 a.m.7 views

Archer Platform 跨站脚本漏洞

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.12.0.6.1, which stems from the presence of a stored cross-site scripting XSS vulnerability that could allow an authenticated, remote attacker to...

7.1CVSS5.5AI score0.00294EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5709

An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry-nkeydata" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...

7.5CVSS9.5AI score0.02067EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/07 12:0 a.m.11 views

PT-2022-26930 · WordPress · Wordpress Popular Posts

Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions 6.0.5 and earlier Description: The issue allows external initialization of trusted variables or data stores, enabling the acceptance of untrusted external inputs to update internal variables. This can lead to...

7.5CVSS7.4AI score0.00846EPSS
Exploits0References7
OSV
OSV
added 2022/08/30 9:15 p.m.8 views

CVE-2022-33935

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data stor...

5.4CVSS5.8AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder