Lucene search
K

121 matches found

Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.3 views

PT-2025-21979 · WordPress · Wpadverts

Name of the Vulnerable Software and Affected Versions: WPAdverts versions through 2.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This enables potential attackers to inject...

6.5CVSS6.2AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.5 views

PT-2025-22000 · Asmedia · Asmedia Tuaug4

Name of the Vulnerable Software and Affected Versions: Asmedia Tuaug4 versions 1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...

7.1CVSS9.2AI score0.00192EPSS
Exploits0References4
NVD
NVD
added 2025/05/17 4:15 p.m.40 views

CVE-2025-47931

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting XSS Vulnerability in the group name parameter of the http://localhost/poller/groups form. This vulnerability allows attackers to inject malicious scripts into web...

6.1CVSS0.00272EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.6 views

PT-2025-21701 · Nasa Core · Nasa Core

Name of the Vulnerable Software and Affected Versions: Nasa Core versions through 6.3.2 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...

8.8CVSS8AI score0.00673EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21393 · WordPress · Happyforms

Name of the Vulnerable Software and Affected Versions: Happyforms versions prior to 1.26.3 Description: The issue concerns the Happyforms plugin for WordPress, where certain settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to perform...

4.8CVSS4.8AI score0.00266EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.13 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21687)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21687 advisory. - In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of...

7.8CVSS6AI score0.00229EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/05/06 12:0 a.m.14 views

MediaWiki < 1.39.9, 1.40.x < 1.41.3, 1.42.x < 1.42.2 Information Disclosure Vulnerability - Windows

MediaWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.5AI score0.00453EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.12 views

CBL Mariner 2.0 Security Update: kernel (CVE-2025-21761)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21761 advisory. - In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in...

7.8CVSS6AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.5 views

PT-2025-18157

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 138 Thunderbird versions prior to 138 Description A security issue in Firefox and Thunderbird allows malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that has invoked t...

9.8CVSS8.7AI score0.09348EPSS
Exploits2References130
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.8 views

PT-2025-17818 · Unknown · Shamim Hasan Custom Functions Plugin

Name of the Vulnerable Software and Affected Versions: Shamim Hasan Custom Functions Plugin versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For Shamim Hasan Custom Functions Plugin versions 1.1 and earlier...

7.1CVSS7.4AI score0.00116EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2025/04/23 12:0 a.m.4 views

Tenable Nessus Privilege Escalation Vulnerability (TNS-2025-05)

Tenable Nessus is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8CVSS7.6AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16422

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 Description The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQ...

7.5CVSS5.6AI score0.01226EPSS
Exploits2References311
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.6 views

PT-2025-16362 · Openrazer +1 · Openrazer +1

Name of the Vulnerable Software and Affected Versions: OpenRazer versions prior to 3.10.2 Description: The issue allows an attacker to cause the custom kernel driver to read more bytes than provided by user space by writing specially crafted data to the matrix custom frame file. This data will be...

9.8CVSS6.3AI score0.02072EPSS
Exploits3References25
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15597 · Otwthemes · Otwthemes Widgetize Pages Light

Name of the Vulnerable Software and Affected Versions: OTWthemes Widgetize Pages Light versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...

7.1CVSS6.8AI score0.00224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15469 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla versions up to 4.4.12 and 5.2.5 Description: The issue is related to insufficient state checks, which create a vector allowing attackers to bypass 2FA checks. This leads to improper authentication. Recommendations: For Joomla versions ...

7.5CVSS6.1AI score0.00393EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.10 views

PT-2025-15293 · Unknown · Apollo-Compiler

Name of the Vulnerable Software and Affected Versions: apollo-compiler versions prior to 1.27.0 Description: The issue concerns a query-based compiler for the GraphQL query language. Prior to version 1.27.0, a vulnerability allowed queries with deeply nested and reused named fragments to be...

7.5CVSS6.2AI score0.00404EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/04/04 12:0 a.m.6 views

PT-2025-14984 · Woocommerce · Ni Woocommerce Cost Of Goods

Name of the Vulnerable Software and Affected Versions: Anzar Ahmed Ni WooCommerce Cost Of Goods versions 3.2.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS attacks. This means that an attacker can inject...

6.5CVSS6.6AI score0.00367EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-14182 · Publitio · Publitio

Name of the Vulnerable Software and Affected Versions: Publitio versions 2.1.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For Publitio versions 2.1...

4.3CVSS5.4AI score0.00372EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.15 views

CBL Mariner 2.0 Security Update: php (CVE-2025-1217)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1217 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...

6.3CVSS6.3AI score0.00547EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.5 views

PT-2025-13864 · Drupal · Drupal Two-Factor Authentication

Name of the Vulnerable Software and Affected Versions: Drupal Two-factor Authentication TFA versions 0.0.0 through 1.10.0 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Two-factor Authentication TFA module, allowing Forceful Browsing. Recommendations:...

8.1CVSS6.3AI score0.00369EPSS
Exploits0References7
Rows per page
Query Builder