
13 matches found

Positive Technologies
added 2026/03/03 12:0 a.m. · 5 views

PT-2026-22837

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier Description: OpenSTAManager is a management software for technical assistance and invoicing. A privilege escalation and authentication bypass exists in versions 2.9.8 and earlier, allowing an attacker t...

9.8 CVSS · 5.9 AI score · 0.00537 EPSS
Exploits: 1 · References: 6
EUVD
added 2026/02/06 6:7 p.m. · 3 views

EUVD-2026-5624

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

8.7 CVSS · 5.9 AI score · 0.00366 EPSS
Exploits: 3 · References: 1
CVE
added 2026/02/04 5:42 p.m. · 9 views

CVE-2025-69213

CVE-2025-69213 affects OpenSTAManager prior to 2.10-beta, with a SQL Injection in the ajax_complete.php endpoint (get_sedi) that concatenates user input from the idanagrafica parameter into the SQL query. The vulnerability enables an authenticated attacker to inject SQL via idanagrafica, potentia...

8.8 CVSS · 6 AI score · 0.00381 EPSS
Exploits: 3 · References: 1 · Affected Software: 1
CNNVD
added 2025/12/15 12:0 a.m. · 4 views

Webedition CMS Security Vulnerability

Webedition CMS is an open source web application framework from German company Webedition. A security vulnerability exists in Webedition CMS version v2.9.8.8, which stems from the presence of a stored cross-site scripting vulnerability that could lead to the upload of a malicious SVG file and the...

5.4 CVSS · 6.2 AI score · 0.0023 EPSS
Exploits: 1 · References: 4
OSV
added 2025/12/03 8:40 p.m. · 6 views

CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

6.4 CVSS · 7.4 AI score · 0.01286 EPSS
Exploits: 1 · References: 4
Cvelist
added 2025/09/26 8:31 a.m. · 10 views

CVE-2025-60103 WordPress ListingPro plugin <= 2.9.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through <= 2.9.8...

5.4 CVSS · 0.00248 EPSS
Exploits: 0 · References: 1
Rosalinux
added 2025/02/15 10:9 p.m. · 12 views

Advisory ROSA-SA-2025-2689

Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...

9.8 CVSS · 9.5 AI score · 0.0111 EPSS
Exploits: 1
Positive Technologies
added 2024/07/30 12:0 a.m. · 6 views

PT-2024-37469 · WordPress · پلاگین پرداخت دلخواه

Name of the Vulnerable Software and Affected Versions: پلاگین پرداخت دلخواه WordPress plugin versions 2.9.8 and earlier Description: The issue concerns a lack of CSRF check when resetting form fields, which could allow attackers to perform actions via a CSRF attack, making a logged-in admin reset...

6.5 CVSS · 6.8 AI score · 0.00249 EPSS
Exploits: 1 · References: 5
SUSE CVE
added 2024/03/22 4:19 a.m. · 5 views

SUSE CVE-2023-41038

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...

7.5 CVSS · 6.9 AI score · 0.00658 EPSS
Exploits: 0 · References: 3
OSV
added 2023/12/07 6:15 p.m. · 5 views

CVE-2023-41171

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability issue 3 of 4...

5.4 CVSS · 5.8 AI score · 0.00388 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/01/20 12:0 a.m. · 11 views

WordPress Plugin The Paid Memberships Pro SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

9.8 CVSS · 8.6 AI score · 0.9246 EPSS
Exploits: 6 · References: 4
Positive Technologies
added 2022/11/14 12:0 a.m. · 3 views

PT-2022-35804 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.298 Description: The issue is related to data-races around kcm-rx wait. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v4.14.298,...

7.2 AI score
Exploits: 0 · References: 1
OSV
added 2019/01/04 7:7 p.m. · 1 views

GHSA-MX9V-GMH4-MGQW Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...

9.8 CVSS · 7.2 AI score · 0.10599 EPSS
Exploits: 0 · References: 39