Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/15 10:32 a.m.1 views

CVE-2026-4175

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of...

5.1CVSS4AI score0.00254EPSS
Exploits0References7
NVD
NVD
added 2026/01/05 5:15 p.m.6 views

CVE-2025-59467

A Cross-Site Scripting XSS vulnerability in the UCRM Argentina AFIP invoices Plugin v1.2.0 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin...

9.6CVSS0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 6:37 p.m.4 views

EUVD-2025-204404

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

7.1CVSS6.2AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 6:37 p.m.8 views

CVE-2025-67745 Myhoard logs backup encryption key in plain text

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

7.1CVSS6.3AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/01 9:30 a.m.3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain / and contains .. An attacker can gain unauthorized access and...

9.8CVSS7.2AI score0.78668EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.6 views

PT-2024-26357 · Sshpiper · Sshpiper

Name of the Vulnerable Software and Affected Versions: sshpiper versions 1.0.50 through 1.2.x Description: The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. This means that any connection that sshpiper is directly or indirectly...

5.3CVSS7AI score0.0026EPSS
Exploits0References11
PyPA
PyPA
added 2024/01/15 11:15 a.m.8 views

PYSEC-2024-11

Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2.Users are recommended to upgrade to version 1.3.0, which fixes the issue...

9.8CVSS7.5AI score0.01917EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/05 12:0 a.m.4 views

PT-2023-1572 · Unknown · Gimmie Plugin

Name of the Vulnerable Software and Affected Versions: Gimmie Plugin version 1.2.2 Description: A critical vulnerability was found in the Gimmie Plugin, affecting an unknown function of the file trigger ratethread.php. The manipulation of the t/postusername argument leads to SQL injection. This...

9.8CVSS6.7AI score0.00619EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/29 5:4 a.m.2 views

Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

Overview cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

4.3CVSS7.2AI score0.0343EPSS
Exploits0References5
Rows per page
Query Builder