Lucene search
K

17 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/17 1:18 p.m.5 views

CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.6AI score0.00165EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.45 views

pac4j 安全漏洞

pac4j is a simple yet powerful Java security engine developed by pac4j OpenSource. It is used to authenticate users, retrieve their configuration files, and manage authorizations, thereby protecting web applications and web services. There were security vulnerabilities in versions of pac4j before...

7CVSS5.9AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 4:16 p.m.3 views

CVE-2026-33727

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

6.7CVSS0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 1:16 p.m.9 views

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

9.2CVSS0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.11 views

ABB Ability OPTIMAX security vulnerabilities

ABB Ability OPTIMAX is a digital energy management optimization system developed by the Swiss company ABB. There were security vulnerabilities in versions 6.1, 6.2, 6.3.0 through 6.3.1-251120, and from version 6.4.0 through 6.4.1-251120. These vulnerabilities stemmed from incorrect implementation...

9.2CVSS5.8AI score0.0039EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.2 views

CVE-2025-13497 Recras WordPress plugin <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute

The Recras WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'recrasname' shortcode attribute in all versions up to, and including, 6.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00243EPSS
Exploits0References4
NVD
NVD
added 2025/09/02 2:15 p.m.4 views

CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

6.5CVSS0.00331EPSS
Exploits3References2
OSV
OSV
added 2024/12/09 1:15 p.m.5 views

CVE-2024-54217

Missing Authorization vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.1...

5.4CVSS7.3AI score0.00433EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.5 views

QDocs Smart School SQL Injection Vulnerability

QDocs Smart School is a Smart School application from QDocs, Inc. QDocs Smart School version 6.4.1 has a SQL injection vulnerability that originates from the parameter searchdata0title/searchdata0searchfield/searchdata0 searchvalue can cause sql injection...

9.8CVSS8.4AI score0.0106EPSS
Exploits4References5
OSV
OSV
added 2023/08/10 8:15 p.m.5 views

CVE-2023-32562

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1...

9.8CVSS5.9AI score0.38414EPSS
Exploits0References1
OSV
OSV
added 2023/08/10 7:15 p.m.4 views

CVE-2023-32566

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

9.1CVSS5.8AI score0.02136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/13 6:15 p.m.4 views

CVE-2022-1337

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files...

6.5CVSS6.5AI score0.00882EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/12/08 5:15 p.m.4 views

CVE-2021-36188

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers...

6.1CVSS5.9AI score0.00652EPSS
Exploits0References1
OSV
OSV
added 2021/12/08 2:15 p.m.3 views

CVE-2021-43063

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage...

6.1CVSS6.5AI score0.00885EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/12/08 12:0 a.m.3 views

PT-2021-21172 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 6.4.1 and below Fortinet FortiWeb versions 6.3.15 and below Description: The issue involves an unintended proxy or intermediary, referred to as a 'confused deputy', which allows an unauthenticated attacker to access...

6.5CVSS6.3AI score0.00807EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/06 12:0 a.m.5 views

Fortinet FortiClientEms 路径遍历漏洞

Fortinet FortiClientEms is a centralized, centralized management system from Fortinet, USA. A path traversal vulnerability exists in Fortinet FortiClientEMS versions 6.4.1 and below; 6.2.8 and below, which can be exploited by an attacker to add/remove files to/from a server by injecting a sequenc...

5.5CVSS5.8AI score0.01109EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/04 6:51 p.m.3 views

EAP: LDAP bind password is being logged with TRACE log level

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform EAP before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled...

5.9CVSS6.2AI score0.01716EPSS
Exploits1References4
Rows per page
Query Builder