Lucene search
+L

1251 matches found

CNNVD
CNNVD
added 2025/05/17 12:0 a.m.3 views

TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...

9CVSS9AI score0.00695EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/30 4:30 p.m.7 views

CVE-2025-3859 Firefox Focus elide URL allows address bar spoofing

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138...

5.8AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/23 7:6 a.m.23 views

CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

8.2CVSS0.00359EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/08 3:22 p.m.18 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/05 12:24 a.m.23 views

CVE-2024-45198

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...

8.8CVSS8.4AI score0.00567EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 12:0 a.m.50 views

CVE-2024-45199

CVE-2024-45199 - summary from provided documents : The issue affects insightsoftware Hive JDBC driver up to version 2.6.13. A remote code execution vulnerability arises when attackers inject malicious parameters into the JDBC URL, triggering a JNDI injection during the connection process with the...

8.8CVSS8.5AI score0.00567EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 3:6 p.m.20 views

CVE-2025-30067 Apache Kylin: The remote code execution via jdbc url

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...

0.00815EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/03/25 5:5 p.m.16 views

Important: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.8CVSS7.6AI score0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/24 1:47 p.m.7 views

CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...

6.5CVSS7.3AI score0.00253EPSS
Exploits0References1
Mageia
Mageia
added 2025/03/18 12:4 a.m.23 views

Updated libreoffice packages fix security vulnerability

Macro URL arbitrary script execution. CVE-2025-1080...

7.8CVSS7.2AI score0.00289EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/03/17 2:12 a.m.13 views

Important: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.8CVSS7.6AI score0.00289EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2025/03/17 12:0 a.m.11 views

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8CVSS7.4AI score0.00289EPSS
Exploits0References4
CVE
CVE
added 2025/03/10 12:0 a.m.62 views

CVE-2025-25908

CVE-2025-25908 affects tianti v2.3 with a stored XSS in the coverImageURL parameter at /article/ajax/save. Root cause: unsanitized input in the coverImageURL field leading to arbitrary web scripts/HTML execution. Impact: potential exposure of user data due to crafted payloads; CVSS 3.1 base score...

5.4CVSS5.7AI score0.00252EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/03/05 6:15 a.m.21 views

CVE-2025-27662

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005...

9.8CVSS0.0057EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 1:31 p.m.14 views

CVE-2025-27426 Firefox Mobile iOS Full Address Bar Spoof Using Server-Side Redirect to internal error page

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136...

6AI score0.00219EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 9:24 p.m.8 views

CVE-2022-2216

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...

9.8CVSS6.7AI score0.01544EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:23 p.m.14 views

CVE-2022-2900

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS6.7AI score0.00941EPSS
Exploits1References1
Redos
Redos
added 2025/01/17 12:0 a.m.7 views

ROS-20250117-05

A vulnerability in the URL Handler component of the Tornado asynchronous networking library is related to URL redirection to an untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely redirect a user to an arbitrary website and conduct a phishing attack...

6.1CVSS6.8AI score0.01132EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/09 11:10 a.m.26 views

CVE-2024-11328 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting

The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00479EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.20 views

CVE-2024-12153 GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting

The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.9.92. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS0.00434EPSS
Exploits0References3
Rows per page
Query Builder