Lucene search
K

15 matches found

CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

CyreneAdmin 路径遍历漏洞

CyreneAdmin is a backend management system developed by CoCoTea’s individual developers. Versions of CyreneAdmin prior to 1.3.0 contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Avatar” in files/api/system/user/getAvatar, which could le...

6.5CVSS5.8AI score0.00517EPSS
Exploits1References3
NVD
NVD
added 2025/11/06 4:16 p.m.30 views

CVE-2025-62047

Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons.This issue affects Case Addons: from n/a through 1.3.0...

9.9CVSS0.00409EPSS
Exploits0References1
OSV
OSV
added 2025/06/20 7:15 a.m.4 views

CVE-2025-50054

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...

5.5CVSS6AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.6 views

libavif 输入验证错误漏洞

libavif is an Alliance for Open Media open source library for encoding and decoding .avif files. A security vulnerability exists in libavif versions prior to 1.3.0 that stems from the presence of an integer overflow...

6.5CVSS4.7AI score0.00269EPSS
Exploits1References5
Patchstack
Patchstack
added 2025/01/06 12:53 p.m.4 views

WordPress Tevily theme < 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme Tevily - Travel & Tour Booking WordPress Theme versions 1.3.0...

7.1CVSS6.1AI score0.00184EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.5 views

WordPress plugin Consulting Elementor Widgets Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

8.8CVSS6.6AI score0.00525EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/21 12:0 a.m.3 views

Apache Answer 跨站脚本漏洞

Apache Answer is a community platform of the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Answer versions prior to 1.3.0 that stems from the presence of a cross-site scripting XSS vulnerability...

4.6CVSS5.9AI score0.00966EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.5 views

PT-2024-22176 · Unknown · Wp Sendfox

Name of the Vulnerable Software and Affected Versions: WP SendFox versions 1.3.0 and earlier Description: A Missing Authorization issue has been identified. This issue affects the functionality of the software, potentially allowing unauthorized access. Recommendations: For WP SendFox versions 1.3...

5.4CVSS9.5AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.6 views

Atlassian Jira 跨站请求伪造漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing all kinds of issues and defects in the workplace. Atlassian Jira icingaweb2-module-jira versions prior to 1.3.0 through 1.3.2 are vulnerable to a cross-site request...

8.8CVSS7.7AI score0.00263EPSS
Exploits0References4
OSV
OSV
added 2023/03/28 2:15 p.m.4 views

CVE-2022-3685

A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. List of CPEs:...

7.2CVSS5.8AI score0.00345EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.18 views

Apache InLong 代码问题漏洞

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.3.0, which arises from unsafe deserialization of...

8.8CVSS6.9AI score0.02143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/03/10 12:0 a.m.5 views

PT-2022-13448 · Unknown · Orchardcore

Name of the Vulnerable Software and Affected Versions: orchardcore versions prior to 1.3.0 Description: The issue is related to improper authorization in the GitHub repository orchardcms/orchardcore. Recommendations: For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the iss...

7.1CVSS6.5AI score0.00728EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2019/12/13 12:36 a.m.2 views

cfme: rubygem-rubyzip denial of service via crafted ZIP file

A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is...

7.1CVSS6.4AI score0.01581EPSS
Exploits1References4
OSV
OSV
added 2019/06/13 7:29 p.m.5 views

CVE-2018-10946

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI...

6.8CVSS5.8AI score0.00487EPSS
Exploits0References2
CNVD
CNVD
added 2017/06/21 12:0 a.m.3 views

Lenovo XClarity Administrator Information Disclosure Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A security vulnerability exists in LXCA versions prior to...

7.8CVSS6.2AI score0.004EPSS
Exploits0References1
Rows per page
Query Builder