Lucene search
K

28 matches found

EUVD
EUVD
added 2026/06/05 7:29 p.m.12 views

EUVD-2026-34906

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the...

8.6CVSS5.4AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.9 views

CVE-2024-54017

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SA82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SD82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SJ81 CP150 All versions = V7.80, SIPROT...

6.9CVSS0.00306EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:20 a.m.8 views

CVE-2024-54017

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SA82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SD82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SJ81 CP150 All versions = V7.80, SIPROT...

6.9CVSS7.2AI score0.00306EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/29 6:33 a.m.12 views

CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.13 views

MariaDB Server 安全漏洞

MariaDB Server is an open-source relational database system developed by MariaDB. Vulnerabilities existed in versions prior to 11.4.10, as well as in versions 11.5.x to 11.8.x, up to 11.8.6, and 12.x up to 12.2.2. These vulnerabilities were due to a buffer overflow in the cachingsha2password...

6.5CVSS6AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.6 views

CVE-2026-24989

CVE-2026-24989 describes a deserialization of untrusted data in the SUMO Affiliates Pro plugin for WordPress (affs), enabling PHP object injection. Affected: SUMO Affiliates Pro versions below 11.4.0. Root cause: deserialization of untrusted input leading to object injection. Impact: according to...

9.8CVSS5.8AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

Hitachi Ops Center Administrator 安全漏洞

Hitachi Ops Center Administrator is a management interface and tool for managing Hitachi storage devices at Hitachi, Ltd. Versions of Hitachi Ops Center Administrator prior to 11.0.8 contained security vulnerabilities, which were due to susceptibility to redirection attacks...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 10:18 p.m.4 views

CVE-2025-67711 Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.3AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 5:31 p.m.15 views

CVE-2025-46637

Dell Encryption (pre-11.12.1) contains an Improper Link Resolution Before File Access (Link Following) vulnerability that could allow a local attacker to achieve Elevation of Privileges. Affected component: Dell Encryption software; vulnerable version range: prior to 11.12.1. Exploit details are ...

7.3CVSS6.2AI score0.00088EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/14 9:30 a.m.5 views

GHSA-XPG8-8XPV-948P Mattermost does not enforce MFA on WebSocket connections

Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...

6.5CVSS6.8AI score0.00272EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/14 7:58 a.m.1 views

CVE-2025-11776 Guest user can discover archived public channels

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...

4.3CVSS6.5AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.5 views

PT-2025-46947

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11 Description Mattermost versions before 11 do not enforce multi-factor authentication on WebSocket connections. This allows unauthenticated users to access sensitive information through WebSocket events...

7.5CVSS6.5AI score0.00272EPSS
Exploits0References10
CBLMariner
CBLMariner
added 2025/11/10 9:36 p.m.4 views

CVE-2021-32256 affecting package gdb for versions less than 11.2-10

CVE-2021-32256 affecting package gdb for versions less than 11.2-10. A patched version of the package is available...

6.5CVSS5.1AI score0.00667EPSS
Exploits1
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.5 views

IGEL OS 安全漏洞

IGEL OS is a terminal operating system from the German company IGEL. A security vulnerability exists in versions prior to IGEL OS 11 that stems from improper signature verification and could lead to bypassing secure boot...

4.6CVSS9.3AI score0.03817EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.4 views

Digital Ant E-Commerce SQL Injection Vulnerability

Digital Ant E-Commerce is an e-commerce platform from Digital Ant, Inc. A SQL injection vulnerability exists in versions of Digital Ant E-Commerce Software prior to 11, which stems from incorrect neutralization of special elements used in SQL commands...

9.8CVSS7.9AI score0.00597EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.5 views

Digital Ant E-Commerce Cross-Site Scripting Vulnerability

Digital Ant E-Commerce is an e-commerce platform from Digital Ant, Inc. A cross-site scripting vulnerability exists in versions of Digital Ant E-Commerce Software prior to version 11, which arises from improperly neutralized input during web page generation...

6.1CVSS6.1AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.8 views

PT-2023-25606

Name of the Vulnerable Software and Affected Versions Digital Ant E-Commerce Software versions prior to 11 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker c...

6.1CVSS5.8AI score0.004EPSS
Exploits0References9
OSV
OSV
added 2022/03/23 8:15 p.m.2 views

UBUNTU-CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4.3CVSS5.8AI score0.00754EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.6 views

Cisco Data Center Network Manager 安全漏洞

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An authorization bypass vulnerability exists in the Web management interface of...

6.5CVSS6.6AI score0.00639EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.7 views

Cisco Data Center Network Manager 安全漏洞

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An authorization bypass vulnerability exists in the Web management interface of...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References5
Rows per page
Query Builder