Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:36 p.m.โ€ข10 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS5.5AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:17 p.m.โ€ข9 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

9.1CVSS8.1AI score0.005EPSS
Exploits3References1
EUVD
EUVD
โ€ขadded 2026/06/01 9:46 p.m.โ€ข12 views

EUVD-2026-33837

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
โ€ขadded 2026/05/28 4:25 p.m.โ€ข20 views

EUVD-2026-32947

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/04/13 12:0 a.m.โ€ข6 views

PT-2026-32509

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References4
OSV
OSV
โ€ขadded 2026/04/06 5:55 p.m.โ€ข2 views

GHSA-CJG8-H5QC-HRJV kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

6.5CVSS5.9AI score0.00427EPSS
Exploits0References7
CVE
CVE
โ€ขadded 2026/01/29 9:47 p.m.โ€ข41 views

CVE-2026-25063

CVE-2026-25063 affects the gradle-completion project (Bash and Zsh completion for Gradle). The issue is a command injection in the Bash completion logic up to and including version 9.3.0, where Gradle task names or descriptions containing backticks can be evaluated as shell commands during Bash t...

8.3CVSS6.2AI score0.00689EPSS
Exploits0References4Affected Software1
OSV
OSV
โ€ขadded 2026/01/20 10:15 p.m.โ€ข4 views

CVE-2026-21940

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: User and User Group. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2025/12/10 4:58 p.m.โ€ข7 views

Malicious code in @cheqplease/structured-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4111b892bba0089b3619c99cd5135fa3693d4a78c790a23017e359beff0cd8 The package @cheqplease/structured-logger was found to contain malicious code. Source: ghsa-malware...

7AI score
Exploits0References1
EUVD
EUVD
โ€ขadded 2025/10/08 7:20 a.m.โ€ข6 views

EUVD-2025-32906

Malicious code in v0-core npm...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
โ€ขadded 2025/09/18 4:40 p.m.โ€ข3 views

CVE-2025-58174

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script for example a script element. An...

4.6CVSS5.6AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/23 4:45 a.m.โ€ข11 views

CVE-2023-22700

Cross-Site Request Forgery CSRF vulnerability in PixelYourSite PixelYourSite โ€“ Your smart PIXEL TAG Manager plugin = 9.3.0 versions...

4.3CVSS7.1AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 10:2 a.m.โ€ข8 views

CVE-2019-17121

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values...

5.4CVSS6.1AI score0.00618EPSS
Exploits0References1
Packet Storm
Packet Storm
โ€ขadded 2025/05/19 12:0 a.m.โ€ข203 views

๐Ÿ“„ ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Directory Traversal

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in...

7.2AI score
Exploits0
CNNVD
CNNVD
โ€ขadded 2024/06/06 12:0 a.m.โ€ข6 views

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

9.8CVSS7.9AI score0.01219EPSS
Exploits1References2
CNNVD
CNNVD
โ€ขadded 2023/11/03 12:0 a.m.โ€ข5 views

IBM MQ Appliance Security Vulnerability

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from International Business Machines IBM. A security vulnerability exists in IBM MQ Appliance version 9.3 that stems from improper security key authentication. An attacker exploited the...

7.8CVSS6.8AI score0.00178EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2023/07/20 3:15 a.m.โ€ข5 views

DEBIAN-CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

9.8CVSS8AI score0.76768EPSS
Exploits10References1
CNNVD
CNNVD
โ€ขadded 2023/07/07 12:0 a.m.โ€ข6 views

TOTOLINK LR350 ๅ‘ฝไปคๆณจๅ…ฅๆผๆดž

TOTOLINK LR350 is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK LR350 version V9.3.5u.6369B20220309. An attacker can exploit this vulnerability to conduct a command injection attack via the hostname parameter of the setOpModeCfg method...

9.8CVSS8.5AI score0.01958EPSS
Exploits1References2
OSV
OSV
โ€ขadded 2023/06/06 7:15 p.m.โ€ข0 views

CVE-2023-33653

Sitecore Experience Platform XP v9.3 was discovered to contain an authenticated remote code execution RCE vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML...

8.8CVSS7.8AI score
Exploits0References1
OSV
OSV
โ€ขadded 2018/10/23 9:30 p.m.โ€ข6 views

CVE-2018-17447

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4...

7.5CVSS5.8AI score0.01947EPSS
Exploits0References2
Rows per page
Query Builder