Lucene search
+L

250 matches found

OSV
OSV
added 2025/08/29 6:15 p.m.4 views

CVE-2025-29890

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

6.5CVSS5.8AI score0.00419EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/29 12:0 a.m.7 views

PT-2025-27383 · Rlpx · Rlpx

Name of the Vulnerable Software and Affected Versions: RLPx version 5 Description: The issue concerns RLPx 5, which has two CTR streams based on the same key, IV, and nonce. This design flaw can facilitate decryption on a private network. Recommendations: For RLPx version 5, consider reconfigurin...

3.4CVSS6.8AI score0.0014EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/06/24 12:0 a.m.9 views

Moodle 5.x < 5.0.1 Reflected Cross-Site Scripting

According to its self-reported version, the Moodle install hosted on the remote host is 5.x prior to 5.0.1 . It is, therefore, affected by a Reflected XSS in MathJax. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...

6.5AI score
Exploits0References3
Cvelist
Cvelist
added 2025/05/30 6:36 a.m.17 views

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

5.4CVSS0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.5 views

CVE-2024-51751

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

6.5CVSS6.8AI score0.00672EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.9 views

CVE-2023-41099

In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.from a regular user to SYSTEM...

7.8CVSS6.9AI score0.00148EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.9 views

CVE-2023-28470

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...

5.3CVSS7AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:42 p.m.12 views

CVE-2010-3685

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.responsenonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...

5CVSS7.3AI score0.02372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:20 a.m.7 views

CVE-2019-17409

Reflected XSS exists in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter...

6.1CVSS6AI score0.00836EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 a.m.8 views

CVE-2018-4332

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

10CVSS6.2AI score0.0213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 a.m.8 views

CVE-2015-7831

In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used...

8.8CVSS7.3AI score0.01078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:45 a.m.10 views

CVE-2012-1064

Multiple cross-site scripting XSS vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01366EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/13 12:0 a.m.4 views

Debian: Security Advisory (DLA-4162-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.00843EPSS
Exploits0References2
CVE
CVE
added 2025/04/17 6:0 a.m.63 views

CVE-2024-11924

CVE-2024-11924 corresponds to Icegram Express (formerly Email Subscribers) WordPress plugin prior to 5.7.52. The issue is Stored XSS arising from insufficient sanitisation/escaping of plugin settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfiltered_html is disa...

3.5CVSS5.4AI score0.00239EPSS
Exploits1References1Affected Software1
Fedora
Fedora
added 2025/03/10 1:15 a.m.19 views

[SECURITY] Fedora 41 Update: podman-tui-1.4.0-1.fc41

podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...

8.7CVSS7.4AI score0.00369EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/06 7:15 p.m.4 views

aldryn-django (>=5.0.10.0 <=5.0.11.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2025-26699 via django (>=5.0.0 <=5.0.12)

django PYPI version =5.0.0, =5.0.10.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...

7.5CVSS7AI score0.00766EPSS
Exploits0
Cvelist
Cvelist
added 2025/03/05 3:53 p.m.16 views

CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS0.00266EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.21 views

Joomla! 5.x < 5.2.4 SQL injection

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.11 or 5.x prior to 5.2.4. It is, therefore, affected by a SQL injection vulnerability in the backend task list of comscheduler due to improperly built order clauses. Note that the...

6.7CVSS8.2AI score0.00433EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

Apache Felix Webconsole 跨站脚本漏洞

Apache Felix Webconsole is a simple tool from the Apache USA Foundation to inspect and manage OSGi framework instances using a web browser. A cross-site scripting vulnerability exists in Apache Felix Webconsole versions 4.x through 4.9.8 and 5.x through 5.0.8, which stems from incorrect...

6.1CVSS5.9AI score0.00669EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/01/23 12:0 a.m.11 views

CVE-2025-24529

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...

6.4CVSS8.1AI score0.00393EPSS
Exploits0
Rows per page
Query Builder