Lucene search
K

34 matches found

Vulnrichment
Vulnrichment
added 2026/05/22 2:24 p.m.12 views

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

8.8CVSS6.1AI score0.00564EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WWBN AVideo 注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an injection vulnerability. This vulnerability stemmed from the improper escaping of CRLF characters in the plugin/Scheduler/downloadICS.php file, which could allo...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WWBN AVideo 加密问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the lack of authentication during the decryptString operation, which could lead to...

7.5CVSS5.8AI score0.00234EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/22 4:29 p.m.4 views

CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

5.9CVSS6AI score0.00323EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 6:16 p.m.6 views

CVE-2026-26949

Dell Device Management Agent DDMA, versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS5.8AI score0.00094EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 10:58 p.m.5 views

CVE-2026-20700

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this...

7.6AI score0.01319EPSS
Exploits4References5
OSV
OSV
added 2026/01/15 9:16 p.m.5 views

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References2
NVD
NVD
added 2025/12/17 8:15 p.m.13 views

CVE-2025-34435

AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference IDOR that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video...

8.7CVSS0.00289EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/17 7:50 p.m.5 views

EUVD-2025-203952

AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks...

8.7CVSS6.5AI score0.00376EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

AVideo 访问控制错误漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. An access control error vulnerability exists in AVideo versions prior to 20.0 that stems from a lack of authentication and ownership verification in the ImageGallery plugin endpoint, which could lead to...

9.3CVSS6.8AI score0.00415EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

AVideo 输入验证错误漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. An input validation error vulnerability exists in AVideo versions prior to 20.0 that stems from insufficient validation of the siteRedirectUri parameter during user registration, which could lead to open...

6.1CVSS6.6AI score0.0016EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-202084

Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through 20.0...

5.3CVSS6.5AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.24 views

CVE-2025-67562

Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through 20.0...

5.4CVSS0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.3 views

Apple多款产品 安全漏洞

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in various Apple products that originates from...

7.8CVSS6.3AI score0.00207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.6 views

PT-2025-41433

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. An attacker can inject script tags in the CLI...

6.1CVSS6.8AI score0.00207EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.6 views

PT-2025-32206 · 4C Strategies · 4C Strategies Exonaut

Name of the Vulnerable Software and Affected Versions: 4C Strategies Exonaut versions prior to 22.4 Description: The 4C Strategies Exonaut software was found to have insecure permissions. Recommendations: Update to version 22.4 or later...

6.5CVSS7.2AI score0.00258EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/16 11:3 a.m.15 views

CVE-2025-4430

Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 published on 22nd August 2024...

8.6CVSS6.9AI score0.00298EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/01/23 12:0 a.m.5 views

7-Zip Mark-of-the-Web Bypass

Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...

7CVSS7AI score0.67071EPSS
Exploits8
Patchstack
Patchstack
added 2024/08/26 6:32 a.m.9 views

WordPress Shield Security plugin < 20.0.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Shield Security versions 20.0.6...

6.1CVSS6.4AI score0.01444EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder