Lucene search
K

36 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 10:32 a.m.10 views

CVE-2026-8464 Path traversal in Neuron Soft Golem OEE MES

Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0...

8.3CVSS5.5AI score0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 10:32 a.m.22 views

CVE-2026-8464

CVE-2026-8464 : Golem OEE MES is affected by an unauthenticated path-traversal vulnerability that could allow an attacker in the same local network to read arbitrary files from the server by manipulating HTTP request paths. The issue is fixed in version 11.6.0. Affected product: Golem OEE MES; vu...

8.3CVSS5.5AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2026/04/03 9:17 p.m.4 views

CVE-2026-26058

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

6.1CVSS0.00237EPSS
Exploits1References2
CVE
CVE
added 2026/04/03 8:59 p.m.11 views

CVE-2026-26058

Zulip (open-source team collaboration tool) is affected in versions 1.4.0 up to, but not including, 11.6. The vulnerability arises in the import path where ./manage.py import can read arbitrary server files due to path traversal in uploads/records.json. A crafted export tarball can cause the serv...

6.1CVSS6AI score0.00237EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 8:12 p.m.1 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/03 8:12 p.m.16 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS0.00312EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.11 views

PT-2026-21362

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

9.2CVSS5.4AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/25 5:31 a.m.6 views

EUVD-2025-35901

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.9AI score0.00227EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/15 9:37 p.m.11 views

CVE-2025-61797

Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

5.4CVSS5.4AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/10/14 10:15 p.m.5 views

CVE-2025-61796

Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

5.4CVSS5.7AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.5 views

IBM InfoSphere Master Data Management 跨站脚本漏洞

IBM InfoSphere Master Data Management is a product information management software from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 that originates from stored cross-site scripting and coul...

5.4CVSS5.5AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.6 views

PT-2024-13632 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting xss vulnerability exists in the function getOpenGraph videoName functionality. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a us...

9.6CVSS6.6AI score0.02268EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.5 views

PT-2024-13424 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 15fed957fb Description: An information disclosure issue exists in the aVideoEncoder.json.php chunkFile path functionality. A specially crafted HTTP request can lead to arbitrary file read...

6.5CVSS6.9AI score0.01072EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.8 views

PT-2024-13523 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 11.6 WWBN AVideo dev master commit 15fed957fb Description: A cross-site scripting xss issue exists in the channelBody.php user name functionality. This allows arbitrary Javascript execution through a specially crafted HTTP...

9CVSS6.2AI score0.008EPSS
Exploits1References6
OSV
OSV
added 2023/11/30 1:15 p.m.4 views

CVE-2023-6071

An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...

7.2CVSS6.1AI score0.00851EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.7 views

Recoverit Data Recovery Trust Management Issues Vulnerability

Recoverit Data Recovery is a data recovery tool from Recoverit. A security vulnerability exists in Recoverit Data Recovery version 11.6, which originated from a vulnerability that allows an attacker to achieve remote code execution via a man-in-the-middle attack...

8.1CVSS7.9AI score0.0063EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.4 views

PT-2023-26383 · Minitool · Minitool Power Data Recovery

Name of the Vulnerable Software and Affected Versions: MiniTool Power Data Recovery version 11.6 Description: The issue is related to an insecure installation process in MiniTool Power Data Recovery, which can be exploited through a man-in-the-middle attack, allowing attackers to achieve remote...

8.1CVSS8.3AI score0.0063EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/27 12:0 a.m.5 views

PT-2023-22225 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 11.6 Description: A problematic issue affects the Picture Upload Handler component, specifically the file member.php, where the manipulation of the oldpic argument leads to denial of service. The attack can be initiated remotel...

6.5CVSS7AI score0.0087EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.4 views

PT-2023-16644 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 11.6 Description: A problematic issue was found in the Picture Management component, specifically affecting some unknown functionality of the file /data/config.ftp.php. This issue leads to deserialization and can be exploited...

9.8CVSS5.1AI score0.00978EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.6 views

Kiwi TCMS 安全漏洞

Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS version 11.6 and prior versions, which stems from the fact that when a user registers for a new account or changes their password,...

8.8CVSS7.8AI score0.00681EPSS
Exploits0References4
Rows per page
Query Builder