Lucene search
+L

17 matches found

The Hacker News
The Hacker News
added 2026/05/05 11:56 a.m.11 views

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system CMS known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 CVSS score: 9.8, a code injection flaw that could result in arbitrary...

9.8CVSS6.8AI score0.39688EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2026/04/01 12:22 p.m.12 views

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

9.8CVSS6.8AI score0.39688EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2025/05/23 5:54 a.m.6 views

CVE-2023-4139

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...

7.5CVSS5.9AI score0.0057EPSS
Exploits0References1
OSV
OSV
added 2023/08/04 3:15 a.m.5 views

CVE-2023-4139

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...

7.5CVSS5.8AI score0.0057EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.8 views

PT-2022-7389

Name of the Vulnerable Software and Affected Versions decode-uri-component version 0.2.0 Confluence Data Center versions 7.0.1 through 9.0.x Description The issue is related to improper input validation, which can result in a denial of service DoS. This can be exploited by a remote attacker,...

7.8CVSS6.6AI score0.24928EPSS
Exploits1References65
OSV
OSV
added 2022/04/12 9:15 a.m.4 views

CVE-2022-25650

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...

6.5CVSS6.5AI score0.00649EPSS
Exploits0References1
OSV
OSV
added 2021/07/30 12:15 p.m.3 views

CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300...

8.8CVSS6.3AI score0.01105EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/22 12:0 a.m.2 views

IBM WebSphere Application Server XML External Entity Injection Vulnerability

IBM WebSphere Application Server WAS is by IBM in accordance with open standards, such as Java EE, XML and Web Services, development and distribution of an application server. An XML external entity injection vulnerability exists in IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0. A remote...

7.5CVSS9.3AI score0.02839EPSS
Exploits0References1
OSV
OSV
added 2020/06/05 5:15 p.m.2 views

CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230...

7.5CVSS7.2AI score0.03932EPSS
Exploits0References3
OSV
OSV
added 2020/02/04 5:15 p.m.4 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397...

7.2CVSS6.7AI score0.01551EPSS
Exploits0References2
CNVD
CNVD
added 2019/02/13 12:0 a.m.5 views

Google Android System Component Remote Code Execution Vulnerability

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A remote code execution vulnerability exists in the System component of Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9. An attacker can exploit the vulnerability to...

7.6CVSS8.1AI score0.01335EPSS
Exploits0References1
OSV
OSV
added 2019/02/05 6:29 p.m.4 views

CVE-2017-1200

IBM BigFix Compliance 1.7 through 1.9.91 TEMA SUAv1 SCA SCM does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle MITM attack. The software might connect to a malicious host while believing it is a...

5.9CVSS5.8AI score0.00644EPSS
Exploits0References2
OSV
OSV
added 2018/11/12 4:29 p.m.2 views

CVE-2018-1798

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

6.1CVSS5.4AI score0.01494EPSS
Exploits0References4
OSV
OSV
added 2018/10/02 7:29 p.m.5 views

CVE-2018-9504

In sdpcopyrawdata of sdpdiscovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

8.8CVSS6.3AI score0.00893EPSS
Exploits0References4
CNVD
CNVD
added 2018/06/22 12:0 a.m.2 views

IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2018-16971)

IBM WebSphere Application Server WAS is by IBM in accordance with open standards, such as Java EE, XML and Web Services, development and distribution of an application server. An information disclosure vulnerability exists in SAML response processing in IBM WebSphere Application Server versions...

7.5CVSS6.2AI score0.02902EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/02 12:0 a.m.6 views

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2017-06809)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WebSphere...

8.8CVSS8.6AI score0.00877EPSS
Exploits0References1
OSV
OSV
added 2017/04/28 5:59 p.m.0 views

CVE-2017-1194

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669...

8.8CVSS5.7AI score0.00877EPSS
Exploits0References3
Rows per page
Query Builder