21 matches found

Positive Technologies
added 2026/06/05 12:0 a.m. | 15 views

PT-2026-47051

Name of the Vulnerable Software and Affected Versions: OpenXDMoD versions prior to 11.0.3. Description: An authenticated attacker can inject malicious JavaScript into their user profile and abuse the password reset functionality to send a link to an HTML page. When a victim visits this page, the...

CVSS 8.6 | AI score 5.4 | EPSS 0.00147
Exploits 0 | References 6
RedhatCVE
added 2026/04/06 10:57 a.m. | 2 views

CVE-2026-25742

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED) is disabled, attachments originating from web-public...

CVSS 5.3 | AI score 5.8 | EPSS 0.00312
Exploits 1 | References 1
NVD
added 2026/03/25 3:16 a.m. | 5 views

CVE-2026-2072

Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer. This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...

CVSS 8.2 | EPSS 0.00174
Exploits 0 | References 1
CVE
added 2026/03/24 5:58 a.m. | 12 views

CVE-2026-33855

CVE-2026-33855 describes an Integer Overflow or Wraparound in MolotovCherry Android-ImageMagick7, affecting Android-ImageMagick7 prior to 7.1.2-11. The Red Hat and EU/NVD/NIST entries corroborate the issue. The vulnerability’s impact is noted as HIGH for availability (per NVD CVSS3.1) with a LOCA...

CVSS 7.5 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/03/23 12:0 a.m. | 8 views

jsrsasign Security Vulnerability

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of encryption steps in the DSA signature implementation, which could lead to the exposure of private key...

CVSS 9.4 | AI score 5.8 | EPSS 0.003
Exploits 1 | References 5
CNNVD
added 2025/11/13 12:0 a.m. | 5 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...

CVSS 4.3 | AI score 6.1 | EPSS 0.00309
Exploits 1 | References 3
CNNVD
added 2025/11/13 12:0 a.m. | 5 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from field-level permissions not being properly cleared when deleting fields, which could lea...

CVSS 5.4 | AI score 6.3 | EPSS 0.00166
Exploits 1 | References 3
RedhatCVE
added 2025/10/31 12:13 a.m. | 5 views

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

CVSS 7.5 | AI score 6.5 | EPSS 0.00348
Exploits 0 | References 1
Vulnrichment
added 2025/10/28 11:49 a.m. | 2 views

CVE-2025-9313 Unauthorized database access in Asseco mMedica

An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...

CVSS 9.3 | AI score 6.8 | EPSS 0.00528
Exploits 0 | References 2
Cvelist
added 2025/10/28 11:49 a.m. | 7 views

CVE-2025-9313 Unauthorized database access in Asseco mMedica

An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...

CVSS 9.3 | EPSS 0.00528
Exploits 0 | References 2
CVE
added 2025/08/20 3:22 a.m. | 37 views

CVE-2025-57791

CVE-2025-57791 is an argument-injection vulnerability in Commvault components, enabling remote injection/manipulation of command-line arguments due to insufficient input validation. Exploitation can yield a valid session for a low-privilege user, and is part of an exploit chain including CVE-2025...

CVSS 6.9 | AI score 6.3 | EPSS 0.20719
Exploits 3 | References 1 | Affected Software 1
EUVD
added 2025/08/20 3:22 a.m. | 6 views

EUVD-2025-25256

A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution...

CVSS 8.8 | AI score 7.4 | EPSS 0.16114
Exploits 3 | References 1
OSV
added 2023/08/08 3:15 p.m. | 6 views

CVE-2023-3652

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11...

CVSS 6.1 | AI score 5.8 | EPSS 0.004
Exploits 0 | References 1
ATTACKERKB
added 2022/03/23 8:15 p.m. | 5 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...

CVSS 4.3 | AI score 5.4 | EPSS 0.00754
Exploits 0 | References 2
OSV
added 2022/03/04 6:15 p.m. | 6 views

CVE-2022-23233

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00916
Exploits 0 | References 1
OSV
added 2021/12/22 6:15 a.m. | 6 views

CVE-2021-44028

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...

CVSS 5.5 | AI score 7.3 | EPSS 0.03001
Exploits 0 | References 1
CNNVD
added 2021/01/20 12:0 a.m. | 7 views

Cisco Data Center Network Manager SQL Injection Vulnerability

Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...

CVSS 8.8 | AI score 7.4 | EPSS 0.01901
Exploits 0 | References 5
CNVD
added 2020/08/19 12:0 a.m. | 4 views

McAfee Data Loss Prevention Endpoint for Mac Credential Protection Vulnerability

McAfee Data Loss Prevention Endpoint (DLPe) is an integrated endpoint data protection solution from McAfee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transmission, shared endpoint data flow control and data...

CVSS 5.2 | AI score 6.4 | EPSS 0.00261
Exploits 0 | References 1
OSV
added 2020/08/12 10:15 p.m. | 4 views

CVE-2020-7301

Cross-site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section...

CVSS 4.6 | AI score 5.8 | EPSS 0.0051
Exploits 0 | References 1
CNVD
added 2019/09/29 12:0 a.m. | 2 views

Apple Xcode ld64 Component Arbitrary Code Execution Vulnerability

Apple Xcode is a set of integrated development environments (IDEs) provided to developers by Apple, Inc. that are used to develop applications for Mac OS X and iOS. ld64 is one of the Apple toolchain linking programs. An arbitrary code execution vulnerability exists in the ld64 component of Apple...

CVSS 9.3 | AI score 8 | EPSS 0.01881
Exploits 0 | References 1