Lucene search
K

35 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52386

Name of the Vulnerable Software and Affected Versions MainWP Child versions prior to 6.1.2 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.9 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 12:59 p.m.16 views

CLEANSTART-2026-RE02723 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 6.1.0-r0, 6.1.0-r1, 6.1.0-r2, 6.1.0-r3, 6.1.0-r4

Multiple security vulnerabilities affect the kubernetes-csi-external-provisioner-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.5AI score0.01945EPSS
Exploits4References91
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/30 3:31 p.m.8 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to reflected XSS vulnerability in AFT (CVE-2026-0835)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed reflected XSS vulnerability Vulnerability Details CVEID:CVE-2026-0835 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS5.6AI score0.0021EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.4 views

CVE-2026-25323

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...

4.3CVSS5.5AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 9:15 p.m.5 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS0.01434EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/18 7:21 a.m.23 views

CVE-2025-54745 WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...

6.5CVSS0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 6:15 p.m.6 views

CVE-2025-54560

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure...

3.8CVSS5.7AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/14 12:0 a.m.8 views

CVE-2025-54348

A Stored Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

0.00147EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.5 views

CVE-2023-23481

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.4CVSS6.2AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.3 views

IBM Sterling Connect:Direct Web Services 安全漏洞

IBM Sterling Connect:Direct Web Services is a file-based, peer-to-peer file transfer solution from International Business Machines IBM. A security vulnerability exists in IBM Sterling Connect:Direct Web Services versions 6.1.0, 6.2.0, and 6.3.0 that stems from improper authorization and could...

6.5CVSS6.4AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.11 views

ZTE GoldenDB 安全漏洞

ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An improper privilege management vulnerability exists in ZTE GoldenDB...

4.3CVSS6.8AI score0.00233EPSS
Exploits0References2
OSV
OSV
added 2024/12/09 1:15 p.m.6 views

CVE-2023-48324

Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4...

5.4CVSS5.8AI score0.00462EPSS
Exploits0References1
OSV
OSV
added 2023/11/22 4:15 a.m.3 views

CVE-2022-35638

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824...

8.8CVSS5.7AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.3 views

PT-2023-26382 · Minitool · Minitool Movie Maker

Name of the Vulnerable Software and Affected Versions: MiniTool Movie Maker versions 6.1.0 through 7.0 Description: The issue is related to an insecure installation process in MiniTool Movie Maker, which allows attackers to achieve remote code execution through a man-in-the-middle attack...

8.1CVSS8.2AI score0.0063EPSS
Exploits0References6
OSV
OSV
added 2023/08/21 9:15 a.m.5 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

5.4CVSS6AI score0.0148EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/08 12:0 a.m.6 views

IBM Sterling Partner Engagement Manager 安全漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines IBM. A security vulnerability exists in IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and 6.2.1, which can be exploited by an attacker to trick a victim into visiting a...

9.6CVSS8.4AI score0.0061EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.3 views

IBM Sterling Partner Engagement Manager 安全漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from IBM USA. A security vulnerability in IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and Cloud 22.2 can be exploited by an attacker to perform a Slowloris attack, a denial-of-service DoS attack against a...

7.5CVSS7.3AI score0.0086EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.3 views

WordPress plugin Cimy Header Image Rotator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Cimy Header Image Rotator plugin 6.1.1 and earlier versions are vulnerable to cross-site...

4.3CVSS5.4AI score0.00412EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.3 views

PT-2022-12961 · Palo Alto Networks · Cortex Xsoar

Name of the Vulnerable Software and Affected Versions: Palo Alto Network Cortex XSOAR versions 6.1 through 6.5 Palo Alto Network Cortex XSOAR version 6.6 earlier than 6.6.0 build 6.6.0.2585049 Description: An improper authorization issue in Palo Alto Network Cortex XSOAR software allows...

4.3CVSS4.4AI score0.00511EPSS
Exploits0References3
Rows per page
Query Builder