Lucene search
K

12 matches found

Nuclei
Nuclei
added yesterday26 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5.3AI score0.22002EPSS
Exploits4References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 7:57 p.m.11 views

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Rational Business Developer.

Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - July 2022. Vulnerability Details CVEID:CVE-2022-21541...

5.9CVSS6.4AI score0.0296EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/06 5:5 p.m.5 views

GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 12:30 p.m.8 views

EUVD-2026-27556

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

6.1CVSS5.8AI score0.00357EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/24 8:33 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the /server-islands/name route handler, which buffers and parses the entire request body as JSON without enforcing a size...

8.7CVSS5.8AI score0.0037EPSS
Exploits1References2
CVE
CVE
added 2025/12/16 9:59 p.m.36 views

CVE-2025-64520

GLPI CVE-2025-64520 affects versions 9.1.0 up to (but not including) 10.0.21, where an unauthorized API user can read all knowledge base entries. Root cause: insufficient API authorization. Impact: confidentiality high; integrity/availability not affected per disclosure. Remediation: upgrade to 1...

6.5CVSS6.3AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/24 9:52 p.m.4 views

GHSA-6465-JGVQ-JHGP Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`

Impact In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When sendDefaultPii: true was set, a few headers that were previously redacted - including Authorization and Cookie - were...

5CVSS6.5AI score0.00298EPSS
Exploits0References9
OSV
OSV
added 2025/08/27 10:15 p.m.4 views

CVE-2025-34522

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection UDP. This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory,...

9.8CVSS6.2AI score0.00523EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 9:19 p.m.11 views

CVE-2025-34522 Arcserve UDP < 10.2 Pre-Authentication Heap Overflow

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection UDP. This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory,...

9.2CVSS0.00523EPSS
Exploits0References1
Snyk
Snyk
added 2024/12/05 3:31 p.m.2 views

Detection of Error Condition Without Action

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to a bug in the CKEditor 5 module that incorrectly handles image uploads. An...

8.2CVSS6.7AI score0.00375EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.5 views

PT-2023-21942 · Veritas · Veritas Netbackup

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.0 Description: A vulnerability exists in the way the client validates the path to a DLL prior to loading, which may allow a lower-level user to elevate privileges and compromise the system...

7.8CVSS7.1AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.7 views

PT-2021-8817 · Apereo · Apereo Opencast

Name of the Vulnerable Software and Affected Versions: Apereo Opencast versions 4.x through 10.x before 10.6 Description: An issue was discovered in Apereo Opencast where it sends system digest credentials during authentication attempts to arbitrary external services in some situations. This occu...

7.5CVSS7.6AI score0.00829EPSS
Exploits0References11
Rows per page
Query Builder