Lucene search
K

18 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.6 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51387

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References4
CVE
CVE
added 2026/03/07 3:7 p.m.29 views

CVE-2026-29191

Technical details about CVE-2026-29191 are not publicly available in the provided documents. Based on the initial description, no affected products, versions, root cause, or remediation are specified beyond the patch version 4.12.0. Monitor for updates.

9.3CVSS5.7AI score0.00402EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/27 9:26 p.m.6 views

EUVD-2026-8794

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API...

8.2CVSS5.9AI score0.00176EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/27 9:22 p.m.6 views

EUVD-2026-8789

ZITADEL's truncated opaque tokens are still valid...

4.3CVSS5.9AI score0.00142EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

ZITADEL 安全漏洞

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...

8.2CVSS7.3AI score0.00176EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/09/13 4:31 p.m.5 views

@beardeddudes/strapi-types (=0.1.0), @mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3) +17 more potentially affected by CVE-2023-36472 via @strapi/admin (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.11.6)

@strapi/admin NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =1.0.0-alpha.0, =0.0.0-experimental.0a47d9bbb261b49ab02af2597ede27b7bdb196f4, =0.0.0-00c0da0e5db43d5de823f6193c9a3fa0dd11a364, =0.0.0-02d487e4eec68a5961817a4f580ffead9a9362f0,...

5.8CVSS6AI score0.00565EPSS
Exploits1
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.3 views

silverstripe framework 跨站脚本漏洞

silverstripe framework is a CMS website framework. A security vulnerability exists in silverstripe framework version 4.11 and earlier versions. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...

5.4CVSS5.5AI score0.00516EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.4 views

silverstripe framework 跨站脚本漏洞

silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.11 and earlier, which originates from allowing XSS to exist via the href attribute of a link...

5.4CVSS5.7AI score0.00516EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.4 views

silverstripe framework 跨站脚本漏洞

silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.11.0 and earlier, which stems from allowing XSS...

5.4CVSS5.7AI score0.00529EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.4 views

SilverStripe 跨站脚本漏洞

SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A cross-site scripting vulnerability exists in SilverStripe 4.11 and earlier versions...

6.1CVSS6.2AI score0.00472EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.3 views

PT-2022-23994 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows for an XSS vulnerability via the href attribute of a link. A malicious content author could add a JavaScript payload to the href attribute. This is simila...

5.4CVSS5.7AI score0.00516EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.5 views

PT-2022-24239 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier Description: The issue allows for XSS attacks. A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitima...

5.4CVSS6AI score0.00516EPSS
Exploits0References10
CNVD
CNVD
added 2020/04/15 12:0 a.m.2 views

Octech Oempro Cross-Site Scripting Vulnerability (CNVD-2020-25974)

Octech Oempro is a suite of email marketing software from Octech USA. A cross-site scripting vulnerability exists in the 'CampaignName' parameter of the Campaign.Create command in Octech Oempro versions 4.7 through 4.11. The vulnerability stems from a lack of proper validation of client-side data...

5.4CVSS6.5AI score0.01347EPSS
Exploits1
OSV
OSV
added 2019/11/06 10:15 a.m.2 views

ALPINE-CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...

6.5CVSS6.6AI score0.03515EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/29 12:0 a.m.5 views

Progress Sitefinity CMS Arbitrary File Upload Vulnerability

Progress Sitefinity CMS is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity CMS versions 4.0 through 11.0. The vulnerability can be exploited by an attacker to conduct a phishing attack using a malicious file...

7.5CVSS7.3AI score0.00967EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/21 12:0 a.m.2 views

Xen Denial of Service Vulnerability (CNVD-2020-23021)

Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...

6.5CVSS7.5AI score0.00399EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/05/19 12:0 a.m.7 views

PT-2017-2222 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the dccp v6 request recv sock function in the net/dccp/ipv6.c file of the Linux kernel, which mishandles inheritance. This allows local users to cause a denial of...

10CVSS8AI score0.60631EPSS
Exploits104References897
Rows per page
Query Builder