Lucene search
+L

121 matches found

openvas
openvas
added 2025/03/06 12:0 a.m.14 views

Mozilla Firefox Out-of-Bounds Access Vulnerability (mfsa_2025-14) - Mac OS X

Mozilla Firefox is prone to an out-of-bounds access vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.1CVSS7.2AI score0.00391EPSS
Exploits0References1
nessus
nessus
added 2025/02/21 12:0 a.m.20 views

Azure Linux 3.0 Security Update: postgresql (CVE-2025-1094)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

8.1CVSS8.2AI score0.89914EPSS
Exploits10References2
ptsecurity
ptsecurity
added 2025/02/07 12:0 a.m.6 views

PT-2025-5994 · Unknown · Eli 280/Bur280/Mlbur 280 Resting Electrocardiograph +3

Name of the Vulnerable Software and Affected Versions: ELI 380 Resting Electrocardiograph versions 2.6.0 and prior ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph versions 2.3.1 and prior ELI 250c/BUR 250c Resting Electrocardiograph versions 2.1.2 and prior ELI 150c/BUR 150c/MLBUR 150c Restin...

7.7CVSS6.9AI score0.00282EPSS
Exploits0References5
nessus
nessus
added 2025/02/06 12:0 a.m.3 views

Amazon DCV Client <= 2023.1.6203 MITM

The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

7.7CVSS5.5AI score0.00494EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/02/03 7:28 a.m.13 views

CVE-2025-0377

An archive extraction vulnerability was found in HashiCorp's go-slug library. When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References4
openvas
openvas
added 2025/01/22 12:0 a.m.11 views

Oracle MySQL Server 8.0 - 8.0.36, 8.4.0 Security Update (cpujan2025) - Windows

Oracle MySQL Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.9CVSS4.6AI score0.00916EPSS
Exploits0References2
openvas
openvas
added 2025/01/21 12:0 a.m.16 views

OpenVPN Improper Input Sanitization Vulnerability (Jan 2025) - Windows

OpenVPN is prone to an improper input sanitization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn...

9.1CVSS9.2AI score0.00819EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/01/14 12:0 a.m.5 views

PT-2025-3144 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

4.3CVSS6.8AI score0.00235EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2025/01/07 12:0 a.m.8 views

PT-2025-3704 · WordPress · Wordpress Auction Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions 3.7 and earlier Description: The issue allows editors and above to perform SQL injection attacks due to the plugin not sanitizing and escaping a parameter before using it in a SQL statement. Recommendations:...

9.8CVSS9.4AI score0.00617EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2024/12/20 12:0 a.m.4 views

PT-2024-16969 · WordPress · Spotlight

Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS7.9AI score0.00345EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/11/29 12:0 a.m.6 views

PT-2024-35439 · Dcme-320 +3 · Dcme-320 +3

Name of the Vulnerable Software and Affected Versions: DCME-320 versions prior to 7.4.12.90 DCME-520 versions prior to 9.25.5.11 DCME-320-L versions prior to 9.3.5.26 DCME-720 versions prior to 9.1.5.11 Description: The issue allows for Remote Code Execution and Privilege Escalation via the...

9.8CVSS7.6AI score0.00692EPSS
Exploits0References3
nessus
nessus
added 2024/11/26 12:0 a.m.14 views

F5 Networks BIG-IP : Qt vulnerability (K000148690)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148690 advisory. In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPer...

6.5CVSS6.9AI score0.00877EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/11/20 12:0 a.m.4 views

PT-2024-72: Weakness of password policy in Password Pusher

The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...

6.9CVSS6.6AI score0.00522EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/10/16 12:0 a.m.4 views

PT-2024-9995 · Drupal +1 · Drupal Core +1

Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.0.0 through 10.2.9 Description: A vulnerability in Drupal Core allows file manipulation. This issue is related to weaknesses in handling error situations, which could allow a remote attacker to impact the integrity of...

5.9CVSS6.1AI score0.00375EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2024/10/06 12:0 a.m.5 views

PT-2024-30892 · Elementor · Nicheaddons Charity Addon For Elementor

Name of the Vulnerable Software and Affected Versions: NicheAddons Charity Addon for Elementor versions 1.3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an...

6.5CVSS5.7AI score0.00263EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/08/09 12:0 a.m.7 views

PT-2024-7557 · Unknown · Jitsi Meet

Name of the Vulnerable Software and Affected Versions: Jitsi Meet versions prior to 2.0.9779 Description: The issue is related to the insecure implementation of the image sharing functionality using giphy in Jitsi Meet. This allows clients to load GIFs from any arbitrary URL if a message from...

7.8CVSS6.6AI score0.0052EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2024/07/20 12:0 a.m.7 views

PT-2024-27863 · Unknown · Meks Smart Author Widget

Name of the Vulnerable Software and Affected Versions: Meks Smart Author Widget versions 1.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations:...

6.5CVSS5.6AI score0.00359EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/06/08 12:0 a.m.6 views

PT-2024-26645 · Thimpress · Thimpress Eduma

Name of the Vulnerable Software and Affected Versions: ThimPress Eduma versions n/a through 5.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. Recommendations: For versions n/a...

7.1CVSS6.5AI score0.00288EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/05/03 12:0 a.m.7 views

PT-2024-25678 · Unknown · Pterodactyl

Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.6 Description: Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting XSS on the panel, potentially allowing an attacker to gain an administrator account. The...

6.1CVSS6.1AI score0.00457EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2023/11/28 12:0 a.m.7 views

PT-2023-30706 · Ezviz +1 · Ezviz Cs-C6Cn +3

Name of the Vulnerable Software and Affected Versions: Ezviz CS-C6N-xxx versions prior to v5.3.x build 20230401 Ezviz CS-CV310-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C6CN-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C3N-xxx versions prior to v5.3.x build 20230401 Hikvision...

5.3CVSS5.4AI score0.00832EPSS
Exploits0References11
Rows per page
Query Builder