Lucene search
K

24 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52972

Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.9.4 through 8.9.5 Description The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 9:32 p.m.6 views

JLSEC-2026-67

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS7.1AI score0.02216EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-29102

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution RCE vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 11:16 p.m.7 views

CVE-2026-29099

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/19 11:13 p.m.5 views

CVE-2026-32697 SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR)

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...

6.5CVSS5.8AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 11:12 p.m.4 views

CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...

8.6CVSS6.1AI score0.00469EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 11:8 p.m.9 views

CVE-2026-33288 SuiteCRM has Authenticated SQL Injection in Authentication Module

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize...

8.8CVSS6.2AI score0.0044EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 11:5 p.m.2 views

CVE-2026-29189 SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL Access Control List checks on several endpoints, allowing authenticated users to access and manipulate data they...

8.1CVSS5.8AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 12:16 a.m.11 views

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS0.00248EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/18 11:7 p.m.45 views

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS0.00248EPSS
Exploits1References3
NVD
NVD
added 2025/11/08 2:15 a.m.8 views

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

8.8CVSS0.00335EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/08 1:16 a.m.5 views

EUVD-2025-38345

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

6.5CVSS6.3AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.3 views

OpenAtlas 跨站脚本漏洞

OpenAtlas is an Android non-proxy dynamic deployment framework from the Austrian company OpenAtlas. A cross-site scripting vulnerability exists in OpenAtlas version v8.9.0, which stems from insufficient validation of user input in a POST request and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00201EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.3 views

OpenAtlas 跨站脚本漏洞

OpenAtlas is an Android non-proxy dynamic deployment framework from the Austrian company OpenAtlas. A cross-site scripting vulnerability exists in OpenAtlas version v8.9.0, which stems from insufficient validation of user input in a POST request and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2023/09/27 7:15 p.m.4 views

CVE-2023-4523

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm...

6.1CVSS5.7AI score0.0034EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2023/03/24 7:0 a.m.6 views

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

...

9.8CVSS6.7AI score0.02216EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/03/18 3:38 a.m.6 views

SUSE CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS6.7AI score0.02216EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/17 12:0 a.m.6 views

CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

7.1AI score0.02216EPSS
Exploits0References5
OSV
OSV
added 2022/11/15 11:15 a.m.5 views

CVE-2022-3480

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections...

7.5CVSS5.8AI score0.00852EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/01 8:15 a.m.3 views

CVE-2022-3072

Cross-site Scripting XSS - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3...

8CVSS6.7AI score0.00767EPSS
Exploits1References3
Rows per page
Query Builder