Lucene search
K

804 matches found

Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.12 views

PT-2026-2143

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.79 Description RustFS is a distributed object storage system built in Rust. The ImportIam API endpoint incorrectly validates permissions using ExportIAMAction instead of ImportIAMAction. This allows a...

7.1CVSS6.7AI score0.00392EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.6 views

CVE-2019-16461

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

7.5CVSS6.1AI score0.03252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.11 views

CVE-2024-2651

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...

6.5CVSS6.4AI score0.33301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.8 views

CVE-2024-2450

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request und...

8.8CVSS6.5AI score0.00596EPSS
Exploits0References1
CVE
CVE
added 2026/01/05 2:5 p.m.12 views

CVE-2025-12511

Centreon CVE-2025-12511 is a Stored XSS vulnerability in Centreon Infra Monitoring’s DSM extension configuration modules caused by improper input neutralization during web page generation. Affected versions: 25.10.0–1 (vulnerable before 25.10.1), 24.10.0–4 (before 24.10.4), and 24.04.0–8 (before ...

6.8CVSS5.1AI score0.00163EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/12/29 10:15 p.m.6 views

CVE-2025-68502

Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through = 2.0.20.1...

4.3CVSS0.00236EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 3:15 p.m.5 views

CVE-2025-64467

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

8.5CVSS6AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 12:0 a.m.24 views

CVE-2025-67789

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...

0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.4 views

PT-2025-50585

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.6 through 18.4.6 GitLab CE/EE versions 18.5 through 18.5.4 GitLab CE/EE versions 18.6 through 18.6.2 Description GitLab has addressed an issue that could allow an authenticated user to reveal sensitive information...

4CVSS6.1AI score0.0023EPSS
Exploits0References9
EUVD
EUVD
added 2025/12/05 6:31 p.m.6 views

EUVD-2025-201412

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

6.4AI score0.00495EPSS
Exploits1References10
CVE
CVE
added 2025/12/05 4:18 p.m.19 views

CVE-2025-66510

CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...

4.9CVSS6AI score0.00302EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48814

Name of the Vulnerable Software and Affected Versions Akamai Guardicore Platform Agent versions prior to 50.15.0 Akamai Guardicore Platform Agent versions prior to 51.12.0 Akamai Guardicore Platform Agent versions prior to 52.1.1 Description The Akamai Guardicore Platform Agent has a flaw that...

7.8CVSS6.7AI score0.00131EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.3 views

PT-2025-46871

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.0 through 10.5.11 Mattermost versions 10.11.0 through 10.11.3 Description The software does not properly validate team membership permissions in the Add Channel Member API. This allows users from one team to access use...

4.3CVSS6.2AI score0.00177EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.3 views

PT-2025-47053

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.9 through 18.3.5 GitLab CE/EE versions 18.4 through 18.4.3 GitLab CE/EE versions 18.5 through 18.5.1 Description An authenticated attacker could bypass access control restrictions and view GitLab Pages content intended...

4.3CVSS6.4AI score0.00247EPSS
Exploits0References10
OSV
OSV
added 2025/11/05 3:15 p.m.5 views

PYSEC-2025-107

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

7.5CVSS7.3AI score0.0193EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/03 12:0 a.m.1 views

FreeBSD : Firefox -- Sandbox escape due to undefined behavior (8b5f4eb3-b808-11f0-8016-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8b5f4eb3-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1986185 reports: Sandbox escape due to undefined behavior,...

7.3CVSS7.7AI score0.00329EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 10:43 a.m.2 views

CVE-2025-39663 Cross Site Scripting through compromised remote site

Cross-Site Scripting XSS vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 eol...

8.5CVSS5.6AI score0.0055EPSS
Exploits1References2
OSV
OSV
added 2025/10/30 12:31 a.m.4 views

GHSA-8HW3-GHWV-CRFH Liferay Portal vulnerable to password enumeration

Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...

6.3CVSS7.1AI score0.00368EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/10/18 6:42 a.m.6 views

CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

9.8CVSS7.2AI score0.00915EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/14 2:59 p.m.8 views

CVE-2025-54892 A user with elevated privileges can inject XSS in the SNMP traps group configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring SNMP traps group configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from...

6.8CVSS0.00241EPSS
Exploits0References2
Rows per page
Query Builder