Lucene search
K

72 matches found

Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.9 views

PT-2025-5363 · Jetbrains · Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.55417 Description: The issue is related to the exposure of permanent tokens in logs, potentially allowing an attacker to obtain encrypted user credentials. This could be exploited through the...

5.5CVSS6.8AI score0.00587EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.10 views

PT-2024-9755

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 21.0 MR1 21.0.1 Description A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely. The issue is related to incorrect code generation management. This...

9CVSS9.9AI score0.01314EPSS
Exploits0References29
OpenVAS
OpenVAS
added 2024/12/12 12:0 a.m.59 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-2988)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.9AI score0.01743EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/12/06 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2024:4205-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS6.8AI score0.16496EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.6 views

PT-2024-37463 · WordPress · Send Email Only On Reply To My Comment

Name of the Vulnerable Software and Affected Versions: Send email only on Reply to My Comment WordPress plugin versions 1.0.0 through 1.0.6 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before bei...

6.1CVSS5.6AI score0.00405EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.7 views

PT-2024-28337 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS versions =12.9 Description: An issue in SeaCMS allows remote attackers to execute arbitrary code via the "admin ping.php" endpoint. This enables attackers to run malicious code on the affected system. Recommendations: For SeaCMS versio...

9.8CVSS8.4AI score0.0111EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.7 views

PT-2024-18814

Name of the Vulnerable Software and Affected Versions MTP application versions prior to SMR Jul-2024 Release 1 Description The issue concerns improper authentication in the MTP application, allowing local attackers to enter MTP mode without proper authentication. Recommendations For versions prio...

4CVSS8.8AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.5 views

PT-2024-23388 · Unknown · Aipost Ai Wp Writer

Name of the Vulnerable Software and Affected Versions: AIpost AI WP Writer versions 3.6.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects AIpost AI WP Writer, allowing potential unauthorized access. Recommendations: For versions...

5.3CVSS9.2AI score0.00313EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.6 views

PT-2024-25804 · Node.Js +1 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: @hoppscotch/cli versions prior to 0.8.0 Description: The @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to version 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.j...

8.3CVSS7.2AI score0.00611EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.8 views

PT-2024-18837 · WordPress · Social Media Share Buttons & Social Sharing Icons

Name of the Vulnerable Software and Affected Versions: Social Media Share Buttons & Social Sharing Icons WordPress plugin versions prior to 2.8.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html...

5.9CVSS7.9AI score0.00405EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.8 views

PT-2024-22038 · Clarisa · Claris Filemaker Server

Name of the Vulnerable Software and Affected Versions: Claris FileMaker Server versions prior to 20.3.2 Description: The issue is related to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. This vulnerability was...

6.1CVSS6.3AI score0.00308EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.5 views

PT-2024-23217 · Invision · Invision Community

Name of the Vulnerable Software and Affected Versions: Invision Community versions 4.4.0 through 4.7.15 Description: The issue allows for SQL injection through the store.php file, specifically in the categoryView method of the IPS exusmodulesfrontstore store class. User input passed through the...

9.8CVSS9.9AI score0.08676EPSS
Exploits3References10
Vulnrichment
Vulnrichment
added 2024/02/13 10:14 p.m.7 views

CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

7.1CVSS6.8AI score0.00496EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-14931 · Hypr · Hypr Workforce Access

Name of the Vulnerable Software and Affected Versions: HYPR Workforce Access versions prior to 8.7 Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which allows Overflow Buffers. This can be exploited in HYPR Workforce Access on...

7.8CVSS7AI score0.00147EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/17 12:0 a.m.3 views

PT-2023-31376 · Pixelyoursite · The Product Catalog Feed By Pixelyoursite

Name of the Vulnerable Software and Affected Versions: Product Catalog Feed by PixelYourSite versions n/a through 2.1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a...

8.8CVSS8.8AI score0.00249EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.7 views

PT-2023-29680 · Unknown · Wokamoto Simple Tweet

Name of the Vulnerable Software and Affected Versions: Wokamoto Simple Tweet plugin versions = 1.4.0.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability allows an attacker to inject maliciou...

5.9CVSS5.6AI score0.00409EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.6 views

PT-2023-26405 · Taboola · Taboola

Name of the Vulnerable Software and Affected Versions: Taboola plugin versions = 2.0.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that t...

8.8CVSS8.8AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.6 views

PT-2023-23914 · Tp Link · Archer C55 +1

Name of the Vulnerable Software and Affected Versions: Archer C50 versions prior to Archer C50JP V3 230505 Archer C55 versions prior to Archer C55JP V1 230506 Description: The affected devices use hard-coded credentials to login, which may allow a network-adjacent unauthenticated attacker to...

8.8CVSS7.8AI score0.00344EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.3 views

PT-2023-35412 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.14 through v6.1.11 Description: A potential NULL pointer dereference issue has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v5.14...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.2 views

PT-2023-33701 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to the pn533 NFC component, where the nfc target is not properly cleared before being used. This could potentially lead to security vulnerabilities, although the actual...

7.1AI score
Exploits0References1
Rows per page
Query Builder