Lucene search
+L

141 matches found

Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.4 views

PT-2025-5786 · Ibm · Ibm Applinx

Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...

5.4CVSS6.3AI score0.00215EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.6 views

PT-2025-5785 · Ibm · Ibm Applinx

Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...

5.4CVSS6.5AI score0.00215EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.13 views

PT-2025-5784 · Ibm · Ibm Applinx

Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...

6.4CVSS6.5AI score0.00215EPSS
Exploits0References5
CVE
CVE
added 2024/12/11 10:57 p.m.71 views

CVE-2024-44290

CVE-2024-44290 affects Apple platforms and is described as a location-privacy issue. The vulnerability is addressed in iOS 18.1, iPadOS 18.1, and watchOS 11.1; installing these updates resolves the issue. The public description indicates an app could determine a user’s current location. The CVSS ...

3.3CVSS5.8AI score0.00205EPSS
Exploits0References3Affected Software3
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.6 views

PT-2024-34494 · Ruijie · Ruijie Nbr800G

Name of the Vulnerable Software and Affected Versions: Ruijie NBR800G gateway version NBR RGOS 11.16B4P9 Description: The issue is a command execution vulnerability that occurs in the /itbox pi/networksafe.php endpoint via the province parameter. This allows for potential command execution...

6.5CVSS7AI score0.06832EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.8 views

PT-2024-29550 · Ibm · Ibm Cics Tx Standard

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard version 11.1 Description: The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. This can let an...

8.8CVSS6.4AI score0.00193EPSS
Exploits0References6
NVD
NVD
added 2024/10/04 6:15 p.m.33 views

CVE-2024-8149

There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

4.6CVSS0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/16 12:0 a.m.7 views

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition. An attacker exploited the vulnerability to allow account takeover by compromising the OAuth process. The following versions are affected:...

6.4CVSS6.4AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.4 views

PT-2024-38851 · Ruijie · Ruijie Eg2000K

Name of the Vulnerable Software and Affected Versions: Ruijie EG2000K version 11.16B2 Description: A critical issue has been found, affecting unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the content argument leads to unrestricted upload. The attack can be...

5.8CVSS5.2AI score0.00677EPSS
Exploits1References12
Packet Storm
Packet Storm
added 2024/04/23 12:0 a.m.372 views

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Exploit Title: Palo Alto PAN-OS bool: ret = False uri = "/ssl-vpn/hipreport.esp" s = requests.Session r = "" headers = "User-Agent" : \ "Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKit/537.36 KHTML, like Gecko Chrome/118.0.0.0 Safari/537.36", Windows 10 Chrome 118.0.0.0 "Content-Type":...

10CVSS9.8AI score0.99999EPSS
Exploits43
Vulnrichment
Vulnrichment
added 2024/04/04 5:53 p.m.26 views

CVE-2024-25697 Stored XSS in Portal for ArcGIS

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute...

5.4CVSS5.8AI score0.00377EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-21099 · Esri · Arcgis Enterprise Builder

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below Description: The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link stored in a web map link...

4.8CVSS6.9AI score0.00373EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.8 views

PT-2024-21090 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below Description: The issue allows a remote, unauthenticated attacker to create a crafted link that, when clicked, could render arbitrary HTML in the victim's browser. This is due to an HTML injection...

4.7CVSS7.2AI score0.00469EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.7 views

PT-2024-21102

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS Experience Builder versions 11.1 and below Description The issue allows a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

6.1CVSS5.9AI score0.0047EPSS
Exploits0References10
OSV
OSV
added 2024/04/03 1:16 p.m.1 views

CVE-2024-27254

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813...

6.5CVSS5.5AI score0.00653EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/03/15 12:0 a.m.30 views

Mobatek MobaXterm 11.1 (CVE-2019-13475)

The version of Mobatek MobaXterm installed on the remote host is 11.1. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13475 advisory. - In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute...

8.8CVSS7.5AI score0.0411EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.4 views

PT-2024-7393 · Mariadb Foundation · Mariadb

Name of the Vulnerable Software and Affected Versions: MariaDB version 11.1 Description: The issue in MariaDB is related to incorrect management of code generation in the lib mysqludf sys.so library, which can be exploited by an attacker to elevate privileges and execute arbitrary code. A remote...

6.1CVSS6AI score0.01226EPSS
Exploits2References17
Vulnrichment
Vulnrichment
added 2024/01/11 3:23 p.m.3 views

CVE-2023-5118 Stored cross-site scripting vulnerability in Kofax Capture software

The application is vulnerable to Stored Cross-Site Scripting XSS in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious...

5.4CVSS5.3AI score0.00335EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/11 3:23 p.m.33 views

CVE-2023-5118 Stored cross-site scripting vulnerability in Kofax Capture software

The application is vulnerable to Stored Cross-Site Scripting XSS in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious...

5.4CVSS5.5AI score0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.4 views

PT-2023-7736 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service with a...

9.4CVSS7.3AI score0.01104EPSS
Exploits0References9
Rows per page
Query Builder