Lucene search
+L

122 matches found

cvelist
cvelist
added 2025/08/19 9:32 p.m.18 views

CVE-2025-9169 SolidInvoice Quote quotes cross site scripting

A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...

5.1CVSS0.00264EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/08/08 12:0 a.m.6 views

Apache Seata 安全漏洞

Apache Seata is an open source project from the Apache USA Foundation that provides high-performance and easy-to-use distributed transactional services in a microservices architecture. A security vulnerability exists in Apache Seata version 2.4.0, which stems from deserializing untrustworthy data...

9.8CVSS6.4AI score0.00601EPSS
Exploits0References2
circl
circl
added 2025/05/28 8:19 p.m.11 views

CVE-2022-40970

creationtimestamp| type| source ---|---|--- 2025-05-28 20:19:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqazn5vm7w2w...

7AI score
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 9:8 a.m.5 views

CVE-2024-56236

Missing Authorization vulnerability in Juniper Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through = 2.4.0...

4.3CVSS7.3AI score0.00343EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 11:40 p.m.7 views

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.2AI score0.00692EPSS
Exploits0References1
exploitdb
exploitdb
added 2025/04/16 12:0 a.m.315 views

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...

9.8CVSS9.2AI score0.99984EPSS
Exploits25
patchstack
patchstack
added 2025/01/16 6:42 p.m.5 views

WordPress Podčlánková inzerce plugin <= 2.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin Podčlánková inzerce versions = 2.4.0...

7.1CVSS6.1AI score0.00377EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2025/01/04 12:0 a.m.6 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408 that originates from allowing visitors to send emails that may contain unfiltered HTML tags under certain circumstances...

4.6CVSS6.5AI score0.00219EPSS
Exploits0References1
patchstack
patchstack
added 2024/12/22 3:38 a.m.5 views

WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by thiennv in WordPress Plugin picu versions = 2.4.0...

5.3CVSS8.3AI score0.00275EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2024/11/27 12:0 a.m.5 views

PT-2024-16627 · WordPress · The Counter Up – Animated Number Counter & Milestone Showcase

Name of the Vulnerable Software and Affected Versions: The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress versions up to, and including, 2.4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode due to...

6.4CVSS6.3AI score0.00232EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/10/24 12:0 a.m.8 views

PT-2024-33002 · Butterfly Effect Limited · Monica Chatgpt Ai Assistant

Name of the Vulnerable Software and Affected Versions: Butterfly Effect Limited Monica ChatGPT AI Assistant version 2.4.0 Description: A prompt injection issue in the chatbox allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via ...

7.5CVSS7.1AI score0.00417EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/09/04 12:0 a.m.6 views

PT-2024-31454 · Za Internet · Za-Internet C-Mor Video Surveillance

Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance version 5.2401 Description: An issue was discovered due to improper or missing access control, allowing low privileged users to use administrative functions of the C-MOR web interface. Although different...

8.1CVSS7.1AI score0.00648EPSS
Exploits2References7
githubexploit
githubexploit
added 2024/07/10 4:44 a.m.192 views

Exploit for Code Injection in Rejetto Http_File_Server

An unauth SSTI in the Rejetto HTTP File Server HFS. Original...

9.8CVSS9.6AI score0.99485EPSS
Exploits20
osv
osv
added 2024/07/09 12:15 p.m.4 views

CVE-2024-32056

A vulnerability has been identified in Simcenter Femap All versions V2406. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current proce...

7.8CVSS6.1AI score0.00173EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/07/09 12:0 a.m.4 views

PT-2024-4862 · Siemens · Simcenter Femap

Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to V2406 Description: The issue is related to an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the conte...

7.8CVSS8.2AI score0.00173EPSS
Exploits0References5
vulncheck_kev
vulncheck_kev
added 2024/05/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-4455

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the item parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

7.2CVSS5.8AI score0.0101EPSS
Exploits0References1
osv
osv
added 2024/05/14 4:17 p.m.3 views

CVE-2024-33577

A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current...

7.3CVSS5.9AI score0.00231EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/05/14 12:0 a.m.5 views

PT-2024-3682 · Siemens · Simcenter Femap

Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to V2406 Description: A vulnerability has been identified that allows an attacker to execute code in the context of the current process by exploiting an out of bounds read past the end of an allocated structure...

7.8CVSS8AI score0.0039EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/01/18 12:0 a.m.5 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...

5.4CVSS6.8AI score0.0051EPSS
Exploits0References4
osv
osv
added 2023/12/14 3:15 p.m.4 views

CVE-2023-49168

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo...

5.4CVSS7.3AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder