Lucene search
+L

121 matches found

Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.8 views

PT-2025-28838 · Unknown · Sala - Startup & Saas Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Sala - Startup & SaaS WordPress Theme versions prior to 1.1.5 Description: The issue arises from the theme's failure to properly validate a user's identity before updating their details, such as the password. This allows unauthenticated...

9.8CVSS6.8AI score0.00561EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2025/07/03 12:0 a.m.6 views

Tenable Nessus Multiple Vulnerabilities (TNS-2025-13)

Tenable Nessus is prone to multiple vulnerabilities in various third-party components libxml2, libxslt. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.8CVSS8AI score0.01067EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.4 views

PT-2025-27660 · Unknown · Xinference

Name of the Vulnerable Software and Affected Versions: Xinference versions prior to 1.4.0 Description: The issue is related to incorrect access control, allowing attackers to access the Web GUI without authentication. Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later ...

5.3CVSS6.3AI score0.00344EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.3 views

PT-2025-25678 · Nasa Core · Nasa Core

Name of the Vulnerable Software and Affected Versions: Nasa Core versions through 6.3.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions through 6.3.2, update...

7.1CVSS6.7AI score0.00222EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/06/13 12:0 a.m.8 views

QNAP QTS Multiple OpenSSH Vulnerabilities (QSA-25-14)

QNAP QTS is prone to multiple vulnerabilities in OpenSSH. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescriptio...

6.8CVSS7.3AI score0.38474EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/06/12 12:18 a.m.6 views

CVE-2024-37396

A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...

5.4CVSS5.3AI score0.00343EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/06/10 12:0 a.m.26 views

CVE-2024-37396

A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...

0.00343EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/06/08 12:0 a.m.7 views

PT-2025-24355 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.3 Description: The issue allows a local attacker to cause apps to crash through type confusion. Recommendations: For versions prior to 5.0.3, update to a version that contains a fix for this issue. At the...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/07 12:0 a.m.9 views

PT-2025-24336 · Unknown · Ltl Freight Quotes – Daylight Edition +2

Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – Freightview Edition versions 1.0.11 and earlier LTL Freight Quotes – Daylight Edition versions 2.2.6 and earlier LTL Freight Quotes – Day & Ross Edition versions 2.1.10 and earlier Description: The issue is related to...

7.2CVSS6.3AI score0.00284EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.8 views

PT-2025-24172 · WordPress · Wp Wham All Currencies For Woocommerce

Name of the Vulnerable Software and Affected Versions: WP Wham All Currencies for WooCommerce versions n/a through 2.4.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...

6.5CVSS6.2AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/05 12:0 a.m.7 views

PT-2025-23944 · Unknown · Bdthemes Element Pack Pro

Name of the Vulnerable Software and Affected Versions: BdThemes Element Pack Pro versions prior to 8.0.0 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions prior to 8.0.0, upda...

4.3CVSS9.3AI score0.00127EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.2 views

PT-2025-23508 · Sslh +1 · Sslh +1

Name of the Vulnerable Software and Affected Versions: sslh versions prior to 2.2.4 Description: A Use of Out-of-range Pointer Offset issue in sslh leads to denial of service on some architectures. Recommendations: For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue...

6.9CVSS6.2AI score0.00404EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2025/05/23 7:4 a.m.11 views

CVE-2024-55892

TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs e.g., via a query parameter and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the...

6.1CVSS6.8AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.11 views

CVE-2023-39342

Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...

3.6CVSS6.5AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.6 views

CVE-2023-33963

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8CVSS7.5AI score0.01344EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.8 views

CVE-2023-32310

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1CVSS6.7AI score0.01014EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/22 12:47 p.m.8 views

CVE-2025-3945 Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

7.2CVSS7AI score0.00593EPSS
Exploits0References2
NVD
NVD
added 2025/05/21 6:15 p.m.20 views

CVE-2025-47291

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...

7.5CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2025/05/20 2:7 p.m.38 views

CVE-2025-47941

The TYPO3 CVE-2025-47941 vulnerability affects TYPO3 CMS where the MFA dialog during backend login can be bypassed due to insufficient enforcement of access restrictions on backend routes. Exploitation requires valid backend credentials and MFA can be bypassed after authentication. Affected versi...

7.2CVSS7.2AI score0.00409EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.6 views

PT-2025-22117 · Salesforce · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to Spring 2025 Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio DataMapper, which allows the exposure of encrypted data. Recommendations:...

7.5CVSS9.2AI score0.0041EPSS
Exploits0References7
Rows per page
Query Builder