Lucene search
K

188 matches found

CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

DzzOffice 安全漏洞

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version 2.3.x. The vulnerability stems from a comment...

5.4CVSS6.1AI score0.00154EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.12 views

PT-2025-46859

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.3.1 Description MaxKB, an open-source AI assistant for enterprise, allows a user to access internal network services, such as databases, through Python code within the tool module. This process operates within a sandb...

7.4CVSS6.8AI score0.002EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/06 3:55 p.m.9 views

CVE-2025-60202 WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

7.5CVSS0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.7 views

PT-2025-45275

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

7.5CVSS7.1AI score0.0042EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.5 views

LinkAce 跨站脚本漏洞

LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...

8.7CVSS5.8AI score0.00239EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/27 3:30 a.m.6 views

EUVD-2025-36009

Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by RioVizual: from n/a through = 2.3.2...

6.5AI score0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/16 6:33 p.m.10 views

CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting XSS. An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...

6.9CVSS0.00263EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.6 views

Oct8ne Chatbot 跨站脚本漏洞

Oct8ne Chatbot is a chatbot from Oct8ne. A cross-site scripting vulnerability exists in Oct8ne Chatbot version v2.3, which stems from stored cross-site scripting and could lead to an attacker executing JavaScript code in the victim's browser...

6.1CVSS6.1AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/12 3:30 a.m.20 views

CVE-2025-11380

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everestprocessstatus' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for...

5.9CVSS5.4AI score0.00374EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/06 4:44 p.m.4 views

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS6.6AI score0.00427EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31126

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00394EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.4 views

PT-2025-40061

Name of the Vulnerable Software and Affected Versions ZoloBlocks plugin for WordPress versions prior to 2.3.10 Description The software is susceptible to Stored Cross-Site Scripting XSS through multiple Gutenberg blocks. This is a result of inadequate input sanitization and output escaping of...

6.4CVSS5.3AI score0.00232EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/09/24 6:32 p.m.4 views

CVE-2025-58678

Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through = 2.3.15...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.4 views

PT-2025-38815

Name of the Vulnerable Software and Affected Versions WP CodeUs WP Proposals versions prior to 2.3 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks...

6.5CVSS5.6AI score0.0026EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/06 12:6 a.m.5 views

WordPress Optio Dentistry plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Optio Dentistry versions = 2.2...

6.4CVSS5.5AI score0.00216EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.13 views

CVE-2012-10041

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...

9.3CVSS9.2AI score0.02848EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/08/09 2:0 a.m.9 views

CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

5.3CVSS6.9AI score0.00211EPSS
Exploits0
Cvelist
Cvelist
added 2025/08/09 1:32 a.m.7 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS0.00308EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.4 views

Quantum DXi6702 安全漏洞

Quantum DXi6702 is a disk backup and deduplication appliance from Quantum Corporation, USA. A security vulnerability exists in the Quantum DXi6702 version 2.3.0.3, which stems from an XML external entity injection issue that could lead to information disclosure...

9.8CVSS6.8AI score0.00707EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/07/16 11:10 a.m.5 views

Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.23 CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898 Patch Instructions: To install th...

8.7CVSS7.3AI score0.00911EPSS
Exploits0References10
Rows per page
Query Builder