Lucene search
+L

141 matches found

CNNVD
CNNVD
added 2025/12/15 12:0 a.m.5 views

Webutler 安全漏洞

Webutler is an API and data service management platform from German company Webutler. A security vulnerability exists in Webutler version v3.2, which stems from allowing authenticated administrators to upload PHP files, potentially leading to remote code execution...

8.6CVSS8AI score0.00808EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/12/10 6:25 p.m.11 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)

Red Hat AI Inference Server 3.2.2 ROCm is now available. Red Hat® AI Inference Server...

9.8CVSS6.9AI score0.81512EPSS
Exploits16References22
NVD
NVD
added 2025/12/09 4:17 p.m.5 views

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

3.3CVSS0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Siemens SINEMA Remote Connect Server 安全漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...

3.3CVSS8.9AI score0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 12:0 a.m.4 views

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting XSS vulnerability, which allows JavaScript execution through model-generated SVG content...

6AI score0.00218EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.8 views

PHPGurukul Student Record System 安全漏洞

Student Record System is a software application. Student Record System suffers from a cross-site request forgery vulnerability that stems from the manage-students.php component not adequately verifying that a request is from a trusted user, which could be exploited by an attacker to cause...

7.5CVSS6.4AI score0.00223EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.5 views

PT-2025-46971

Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record Management System version 3.2.0 Description The PHPGurukul Student Record Management System version 3.2.0 is susceptible to SQL Injection. This issue affects the login.php file through the id and password parameters...

6.5CVSS7.1AI score0.00235EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/13 8:27 a.m.19 views

CVE-2025-10295 Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-64322

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0...

5.3CVSS7AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 4:15 a.m.10 views

UBUNTU-CVE-2025-64184

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...

8.8CVSS5.9AI score0.00443EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/07 3:2 a.m.4 views

CVE-2025-64184 Dosage vulnerable to Directory Traversal through crafted HTTP responses

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...

8.8CVSS6.6AI score0.00443EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/04 6:27 p.m.3 views

CVE-2025-64320

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0...

6.6AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 1:34 a.m.14 views

CVE-2025-62983

CVE-2025-62983 is a stored XSS in the WordPress plugin Posts By Tag (versions ≤ 3.2.1). The issue arises from improper neutralization of input during web page generation, enabling injection of malicious scripts that could be persisted and reflected to users. The vulnerability is labeled as MEDIUM...

6.5CVSS5.6AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/23 4:15 p.m.10 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...

9.2CVSS0.00749EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19341

Malware in sbrugna...

7.2CVSS7AI score0.01486EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24244

Malicious code in bioql PyPI...

9.4CVSS6.4AI score0.00648EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 8:38 a.m.5 views

CVE-2025-10342 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

5.3CVSS6.7AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.2 views

CVE-2025-57932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through = 3.2.1...

6.5CVSS5.9AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 7:22 p.m.12 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

8.7CVSS0.00835EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/12 11:17 a.m.2 views

CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

9.4CVSS7.8AI score0.00648EPSS
Exploits0References1
Rows per page
Query Builder