Lucene search
K

36 matches found

OSV
OSV
added 2026/06/12 7:32 p.m.8 views

GHSA-JH32-V29G-68PQ TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework

Problem Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS5.9AI score0.00244EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Microsoft Exchange Server 服务端请求伪造漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...

8.8CVSS5.8AI score0.00465EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/04 4:55 p.m.16 views

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw...

8.6CVSS6.2AI score0.41694EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.7 views

CVE-2025-40810

A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 14, Solid Edge SE2025 All versions V225.0 Update 6. The affected applications contains an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the...

7.8CVSS7.3AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:22 p.m.6 views

CVE-2024-56464

IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...

2.7CVSS6.2AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.5 views

PT-2025-46718

Name of the Vulnerable Software and Affected Versions IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 Description IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 stores user credentials in configuration files within source control. An authenticated user can read these credentials. Recommendations...

6.5CVSS6.5AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.13 views

PT-2025-45059

Name of the Vulnerable Software and Affected Versions Secure Access Windows versions 12.0 through 14.10 Description This is a denial-of-service issue in Secure Access Windows. If a local networking policy is active, attackers on a nearby network may be able to send a specially crafted packet that...

6.5CVSS5.4AI score0.00197EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.7 views

Microsoft Exchange Server 信息泄露漏洞

Microsoft Exchange Server is a set of e-mail service programs from Microsoft. It provides email access, storage, forwarding, voice mail, email filtering and screening. An information disclosure vulnerability exists in Microsoft Exchange Server. An attacker could exploit this vulnerability to obta...

7.5CVSS5.6AI score0.01133EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.3 views

Microsoft Exchange Server 输入验证错误漏洞

Microsoft Exchange Server is a set of e-mail service programs from Microsoft USA. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. An input validation error vulnerability exists in Microsoft Exchange Server that stems from incorrect inpu...

6.5CVSS6.4AI score0.01267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.7 views

PT-2024-30979 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.6 Description: The issue allows a person with physical access to an unlocked Mac to potentially gain root code execution. This is achieved through a specific exploit that does not require user interaction...

6.8CVSS7AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.4 views

PT-2024-19727 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4 Description: A privacy issue was addressed with improved handling of temporary files. This issue allows an app to potentially capture a user's screen. Recommendations: For macOS Sonoma versions prior to 14....

3.3CVSS7.7AI score0.0022EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.3 views

PT-2024-19728 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4 Description: The issue allows entitlements and privacy permissions granted to an app to be used by a malicious app. This was addressed with improved checks. Recommendations: For macOS Sonoma versions prior ...

7.8CVSS7.8AI score0.0022EPSS
Exploits0References7
OSV
OSV
added 2022/10/14 8:15 p.m.2 views

CVE-2022-42341

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.5 views

CVE-2022-38422

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction...

7.5CVSS5.8AI score0.44252EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.4 views

CVE-2022-35712

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is...

9.8CVSS6.3AI score0.36753EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.4 views

CVE-2022-38419

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS5.9AI score0.53028EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.2 views

CVE-2022-35710

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is...

9.8CVSS6.3AI score0.42577EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.2 views

CVE-2022-38420

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interactio...

7.5CVSS5.9AI score0.44021EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.4 views

CVE-2022-38418

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does...

9.8CVSS6.3AI score0.80023EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 8:15 p.m.4 views

CVE-2022-35690

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is...

9.8CVSS6.3AI score0.72213EPSS
Exploits0References1
Rows per page
Query Builder