250 matches found
CVE-2025-29890
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
PT-2025-27383 · Rlpx · Rlpx
Name of the Vulnerable Software and Affected Versions: RLPx version 5 Description: The issue concerns RLPx 5, which has two CTR streams based on the same key, IV, and nonce. This design flaw can facilitate decryption on a private network. Recommendations: For RLPx version 5, consider reconfigurin...
Moodle 5.x < 5.0.1 Reflected Cross-Site Scripting
According to its self-reported version, the Moodle install hosted on the remote host is 5.x prior to 5.0.1 . It is, therefore, affected by a Reflected XSS in MathJax. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...
CVE-2025-41406
Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...
CVE-2024-51751
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...
CVE-2023-41099
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.from a regular user to SYSTEM...
CVE-2023-28470
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...
CVE-2010-3685
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.responsenonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2019-17409
Reflected XSS exists in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter...
CVE-2018-4332
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
CVE-2015-7831
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used...
CVE-2012-1064
Multiple cross-site scripting XSS vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Debian: Security Advisory (DLA-4162-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-11924
CVE-2024-11924 corresponds to Icegram Express (formerly Email Subscribers) WordPress plugin prior to 5.7.52. The issue is Stored XSS arising from insufficient sanitisation/escaping of plugin settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfiltered_html is disa...
[SECURITY] Fedora 41 Update: podman-tui-1.4.0-1.fc41
podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...
aldryn-django (>=5.0.10.0 <=5.0.11.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2025-26699 via django (>=5.0.0 <=5.0.12)
django PYPI version =5.0.0, =5.0.10.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...
Joomla! 5.x < 5.2.4 SQL injection
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.11 or 5.x prior to 5.2.4. It is, therefore, affected by a SQL injection vulnerability in the backend task list of comscheduler due to improperly built order clauses. Note that the...
Apache Felix Webconsole 跨站脚本漏洞
Apache Felix Webconsole is a simple tool from the Apache USA Foundation to inspect and manage OSGi framework instances using a web browser. A cross-site scripting vulnerability exists in Apache Felix Webconsole versions 4.x through 4.9.8 and 5.x through 5.0.8, which stems from incorrect...
CVE-2025-24529
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...