Lucene search
K

30 matches found

Vulnrichment
Vulnrichment
added 2026/05/03 4:25 a.m.4 views

CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.8 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.7 and prior 10.5.x, 9.11.16 and prior 9.11.x. The vulnerability stems from a failure to negotiate a new token when accepting an invitation,...

3.1CVSS6.4AI score0.00175EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/02/14 4:2 a.m.5 views

SUSE CVE-2024-54682

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...

4.9CVSS6.5AI score0.00416EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-19934 · Hcl · Hcl Bigfix Compliance

Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance versions 9.x through 11.x Description: Database scanning using a username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant securit...

6.5CVSS7.1AI score0.0017EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/03 12:0 a.m.4 views

Google Android 资源管理错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android versions 9, 10, and 11, which can be exploited by an attacker to cause a...

7CVSS5.8AI score0.00183EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.4 views

Google Android 资源管理错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 9, 10, and 11. An attacker can exploit the vulnerability to cause a local...

7.8CVSS5.8AI score0.00245EPSS
Exploits0References3
CNVD
CNVD
added 2020/12/21 12:0 a.m.5 views

HCL iNotes Cross-Site Scripting Vulnerability

HCL iNotes is a browsing client for accessing HCLDomino mail, contacts, calendar, scheduling and collaboration features. A stored cross-site scripting vulnerability exists in HCL iNotes 9, 10, and 11. The vulnerability stems from improper handling of message content. An attacker can exploit this...

6.1CVSS6.5AI score0.01096EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/23 12:0 a.m.4 views

HCL Notes Denial of Service Vulnerability

HCL Notes is an enterprise email client. A denial of service vulnerability exists in HCL Notes 9, 10, and 11. The vulnerability stems from improper validation of user-supplied input. A remote, unauthenticated attacker can exploit the vulnerability via a specially crafted email to cause the client...

7.5CVSS6.9AI score0.01247EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/20 12:0 a.m.8 views

HCL Software HCL Notes 输入验证错误漏洞

HCL Notes is an enterprise email client. A denial of service vulnerability exists in HCL Notes 9, 10, and 11. The vulnerability stems from improper validation of user-supplied input. A remote, unauthenticated attacker can exploit the vulnerability via a specially crafted email to cause the client...

7.5CVSS7.1AI score0.01247EPSS
Exploits0References3
CNVD
CNVD
added 2020/08/12 12:0 a.m.3 views

Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2020-47963)

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. A remote code execution vulnerability exists in the MSHTML Engine in Microsoft IE versions 9 and 11, which arises from the program failing to properly validate input...

7.6CVSS8.4AI score0.03666EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/10 12:0 a.m.8 views

Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2021-24960)

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Internet Explorer versions 9 and 11, which arises from the program not properly handling objects in memory...

5.3CVSS7.4AI score0.0377EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/13 12:0 a.m.2 views

Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CNVD-2020-51780)

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...

7.6CVSS7.2AI score0.07175EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/13 12:0 a.m.2 views

Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CNVD-2020-51784)

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...

7.6CVSS7.1AI score0.07175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/17 12:0 a.m.8 views

PT-2020-1389 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 9 through 11 Description: A remote code execution issue exists due to incorrect handling of objects in memory by the scripting engine in Internet Explorer. This could allow an attacker to execute arbitrary code in t...

7.6CVSS8AI score0.86863EPSS
Exploits17References39
OSV
OSV
added 2018/12/12 12:29 a.m.5 views

CVE-2018-8643

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10...

7.5CVSS6.3AI score0.09906EPSS
Exploits0References2
CNVD
CNVD
added 2018/02/23 12:0 a.m.5 views

Kentico CMS Cross-Site Scripting Vulnerability

Kentico CMS is an enterprise-grade web content management system and customer experience management system. A cross-site scripting vulnerability exists in Kentico CMS versions 9 through 11, which can be exploited by an attacker to inject arbitrary web script or HTML...

4.8CVSS6.1AI score0.00846EPSS
Exploits3References1
OSV
OSV
added 2018/02/20 3:29 p.m.3 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

7.2CVSS6.4AI score0.05519EPSS
Exploits3References1
CNVD
CNVD
added 2017/11/16 12:0 a.m.3 views

Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CNVD-2017-34446)

Internet Explorer IE is a web browser that comes with the Windows operating system. scripting engines is one of the JavaScript engine components. An information disclosure vulnerability exists in the scripting engine in versions 9, 10, and 11 of IE for Microsoft Windows, which arises from the...

5.3CVSS5.8AI score0.12728EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/15 12:0 a.m.2 views

Microsoft Internet Explorer and Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-12095)

Microsoft Internet Explorer IE and Microsoft Edge are both web browsers developed by the American company Microsoft. The former is the default browser that came with operating systems before Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10....

7.6CVSS7.6AI score0.08215EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/15 12:0 a.m.3 views

Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-12101)

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote memory corruption vulnerability exists in Microsoft IE versions 9, 10, and 11. A remote attacker could exploit this...

7.6CVSS7.7AI score0.06117EPSS
Exploits0References1
Rows per page
Query Builder