Lucene search
K

16 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/21 8:29 p.m.4 views

CVE-2026-8197

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...

7.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/18 12:30 a.m.26 views

CVE-2026-29057 Next.js: HTTP request smuggling in rewrites

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...

6.3CVSS0.00427EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/21 10:24 p.m.8 views

CVE-2026-21949

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

6.5CVSS4.9AI score0.00317EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/20 10:15 p.m.5 views

CVE-2026-21952

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

4.9CVSS7AI score0.00337EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/15 12:0 a.m.4 views

oa_git_free 代码问题漏洞

bestfeng oagitfree line cloud process engine is an enterprise automation process platform from China Cloud OA bestfeng company. A code issue vulnerability exists in oagitfree 9.5 and earlier versions, which originates from the parameter in the file...

6.5CVSS6.6AI score0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.7 views

PT-2025-44196

Name of the Vulnerable Software and Affected Versions BESSystem BES Application Server versions through 9.5.x Description An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file. Recommendations...

7.5CVSS6.4AI score0.00328EPSS
Exploits0References8
OSV
OSV
added 2025/01/27 11:15 p.m.2 views

CVE-2024-57052

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...

9.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.4 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.7 and 9.10.x through 9.10.0, which stems from a failure to properly implement privilege controls, resulting in the ability to...

2.7CVSS4.4AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.7 views

PT-2024-25156 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions up to 9.5 Description: A path traversal vulnerability exists in the 'cyber security/codeguard' native personality, arising from the improper limitation of a pathname to a restricted directory in the 'process...

9.8CVSS8AI score0.00726EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2021/10/29 12:0 a.m.5 views

PT-2021-7474 · Unknown · Resourcespace

Name of the Vulnerable Software and Affected Versions: ResourceSpace versions 9.5 through 9.6 rev 18274 Description: A SQL injection issue in the pages/edit fields/9 ajax/add keyword.php file of ResourceSpace allows remote unauthenticated attackers to execute arbitrary SQL commands via the k...

10CVSS9.8AI score0.67845EPSS
Exploits1References10
OSV
OSV
added 2021/02/04 7:15 a.m.4 views

CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...

7.5CVSS7.1AI score0.00688EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.8 views

Netapp Clustered Data ONTAP 安全漏洞

NetApp Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. An information disclosure vulnerability exists in NetApp Clustered Data ONTAP versions prior to 9.3P20, 9.5P15. An attacker could exploit this vulnerability to discover other storage virtual machines SVM...

3.5CVSS5.8AI score0.00548EPSS
Exploits0References3
CNVD
CNVD
added 2020/06/12 12:0 a.m.3 views

HCL Technologies Digital Experience Code Issue Vulnerability

HCL Technologies Digital Experience is a suite of digital experience platforms, content delivery solutions from HCL Technologies India. A code issue vulnerability exists in HCL Technologies Digital Experience versions 8.5, 9.0, and 9.5, which arises from an improperly designed or implemented code...

9.8CVSS7.1AI score0.01089EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/26 12:0 a.m.4 views

IBM Security Guardium Database Activity Monitor Authorization Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. An authorization vulnerability exists in IBM Security Guardium Databas...

4.4CVSS6.4AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
added 2018/01/29 12:0 a.m.2 views

IBM Rational DOORS Web Access Cross-Site Scripting Vulnerability (CNVD-2018-02502)

IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

5.4CVSS6.2AI score0.00942EPSS
Exploits0References1
OSV
OSV
added 2017/08/31 2:29 p.m.4 views

CVE-2017-1447

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172...

5.4CVSS5.4AI score0.0054EPSS
Exploits0References2
Rows per page
Query Builder