15 matches found

RedhatCVE
added 2026/03/26 3:08 p.m., 3 views

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...

CVSS 5.4 | AI score 5.7 | EPSS 0.00193
Exploits: 1 | References: 1
CVE
added 2026/03/24 5:40 p.m., 8 views

CVE-2026-33407

Wallos

CVSS 9.1 | AI score 5.8 | EPSS 0.00369
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/03/24 12:00 a.m., 6 views

PT-2026-27470

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

CVSS 8.8 | AI score 5.8 | EPSS 0.00497
Exploits: 2 | References: 4
CVE
added 2026/03/22 8:35 a.m., 14 views

CVE-2026-4542

CVE-2026-4542 affects SSCMS 4.7.0, specifically the LayerImage Endpoint’s LayerImageController.Submit.cs handling of the filePaths argument. The root cause is manipulation of filePaths leading to path traversal. Attack can be performed remotely; exploit maturity is PROOF-OF-CONCEPT. CVSS metrics ...

CVSS 5.5 | AI score 5.6 | EPSS 0.0031
Exploits: 0 | References: 4
Cvelist
added 2026/03/03 8:43 p.m., 19 views

CVE-2026-24502

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVSS 8.8 | EPSS 0.0018
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/02 3:21 p.m., 4 views

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

CVSS 7.1 | AI score 6.5 | EPSS 0.00412
Exploits: 0 | References: 1
Talos
added 2025/11/24 12:00 a.m., 12 views

GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability

Talos Vulnerability Report TALOS-2025-2230 GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability November 24, 2025 CVE Number CVE-2025-44018 SUMMARY A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can le...

CVSS 8.3 | AI score 9.2 | EPSS 0.00218
Exploits: 0
CNNVD
added 2025/10/27 12:00 a.m., 6 views

Chatwoot Code Injection Vulnerability

Chatwoot is an open-source Customer Engagement Suite, an open-source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A code injection vulnerability exists in Chatwoot 4.7.0 and earlier versions, which stems from a misuse of the parameter Link in the file...

CVSS 6.1 | AI score 4.9 | EPSS 0.00367
Exploits: 1 | References: 4
NVD
added 2025/09/26 12:15 p.m., 5 views

CVE-2025-11012

A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/scriptparser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument errormsgsbuffer can lead to stack-based buffer overflow. The attack can only be...

CVSS 7.8 | EPSS 0.00225
Exploits: 1 | References: 7
OSV
added 2025/07/08 12:15 p.m., 5 views

CVE-2025-40720

Reflected Cross-site Scripting XSS vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 1
Patchstack
added 2025/05/07 12:00 a.m., 5 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0, 5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0, 5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara (cmlara) in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0, 5.0.0-5.1.0...

CVSS 4.8 | AI score 7 | EPSS 0.00235
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/10/22 12:00 a.m., 4 views

IBM Cognos Dashboards on Cloud Pak for Data Authorization Issues Vulnerability

IBM Cognos Dashboards on Cloud Pak for Data is a business intelligence tool from International Business Machines IBM. A security vulnerability exists in IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0, which stems from a vulnerability that could allow a remote attacker to bypass securit...

CVSS 6.5 | AI score 6.6 | EPSS 0.00521
Exploits: 0 | References: 3
OSV
added 2023/09/25 7:15 p.m., 6 views

CVE-2023-41871

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Poll Maker Team Poll Maker plugin = 4.7.0 versions...

CVSS 6.1 | AI score 7.3 | EPSS 0.0033
Exploits: 0 | References: 1
SUSE CVE
added 2023/04/01 2:06 a.m., 4 views

SUSE CVE-2023-28647

Nextcloud iOS is an iOS application used to interface with the Nextcloud home cloud ecosystem. In versions prior to 4.7.0, when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain...

CVSS 6.8 | AI score 6.5 | EPSS 0.00278
Exploits: 0 | References: 3
CNVD
added 2020/08/17 12:00 a.m., 3 views

Intel Server Board M10JNP2SB Code Issue Vulnerability

Intel Server Board is a server motherboard from Intel Corporation USA. A code issue vulnerability exists in the installer of the RSTe Software RAID Driver for Intel Server Board M10JNP2SB versions prior to 4.7.0.1119. A local attacker could exploit the vulnerability to elevate privileges...

CVSS 7.8 | AI score 6.8 | EPSS 0.00323
Exploits: 0 | References: 1