27 matches found

Source: OSV · added 2026/03/13 6:55 p.m. · 2 views

GHSA-X8QH-7475-C5MP SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy

Impact: In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the...

CVSS 5.3 · AI score 5.7 · EPSS 0.00521 · Exploits 0 · References 5
Source: OSV · added 2026/01/27 4:16 p.m. · 4 views

CVE-2026-24873

Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita. This issue affects lpp-vita: before lpp-vita r6...

CVSS 7.8 · AI score 5.8 · EPSS 0.00118 · Exploits 0 · References 1
Source: Vulnrichment · added 2026/01/21 9:36 p.m. · 3 views

CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing JavaScript. Depending on the deployment strategy, these...

CVSS 8.5 · AI score 5.9 · EPSS 0.00228 · Exploits 1 · References 7
Source: AttackerKB · added 2026/01/19 6:32 p.m. · 2 views

CVE-2026-23840

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...

CVSS 9.3 · AI score 5 · EPSS 0.00247 · Exploits 1 · References 4 · Affected software 1
Source: Patchstack · added 2025/10/01 9:44 p.m. · 5 views

WordPress Schema & Structured Data for WP & AMP plugin < 1.50 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Schema & Structured Data for WP & AMP versions 1.50...

CVSS 6.1 · AI score 6 · EPSS 0.00197 · Exploits 0 · References 1 · Affected software 1
Source: CNNVD · added 2025/08/28 12:00 a.m. · 3 views

HashiCorp Vault Enterprise and HashiCorp Vault Community Edition Security Vulnerability

HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise secrets management platform, and HashiCorp...

CVSS 7.5 · AI score 6.3 · EPSS 0.00697 · Exploits 0 · References 2
Source: CNNVD · added 2025/03/25 12:00 a.m. · 2 views

Mbed TLS Security Vulnerability

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from the Mbed TLS open source project. A security vulnerability exists in Mbed TLS versions prior to 2.28.10 and 3.x versions prior to 3.6.3, which stems from a client accepting trusted certificates for arbitrary hostnames...

CVSS 5.4 · AI score 6.5 · EPSS 0.00184 · Exploits 0 · References 6
Source: Positive Technologies · added 2025/03/06 12:00 a.m. · 11 views

PT-2025-9915

Name of the Vulnerable Software and Affected Versions: Extreme XDS versions prior to 3933. Description: The issue allows for the insertion of sensitive information into sent data, enabling the retrieval of embedded sensitive data. Recommendations: For versions prior to 3933, update to version 3933 or...

CVSS 7.6 · AI score 5.8 · EPSS 0.00234 · Exploits 0 · References 7
Source: Packet Storm News · added 2025/01/23 12:00 a.m. · 5 views

7-Zip Mark-of-the-Web Bypass

Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...

CVSS 7 · AI score 7 · EPSS 0.67071 · Exploits 8
Source: Positive Technologies · added 2024/12/30 12:00 a.m. · 5 views

PT-2025-7795 · Unknown · Better Auth

Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.1.21. Description: The application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts a callback URL...

CVSS 7.9 · AI score 7.1 · EPSS 0.00388 · Exploits 1 · References 18
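How a callback URL parameter of the kind named in the Better Auth entry above should be validated, as an added example (not Better Auth's code, and not a description of its fix). The origins, the allowlist and the default landing page are assumptions for the example. The hardened version resolves the parameter against the application origin with the WHATWG URL parser and then checks the resulting origin, which handles the protocol-relative, backslash, scheme and userinfo forms that string prefix checks tend to miss.

```javascript
// Added example, not Better Auth's code: open-redirect-prone vs. hardened
// handling of a callbackURL query parameter on a verification endpoint.
const APP_ORIGIN = "https://app.example.test"; // assumed application origin
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://admin.example.test"]); // assumed allowlist
const DEFAULT_LANDING = "/dashboard"; // assumed safe fallback

// Vulnerable: sends the browser wherever the parameter says, absolute or relative.
function redirectTargetVulnerable(callbackURL) {
  return callbackURL || DEFAULT_LANDING;
}

// Hardened: resolve relative to our origin, then require the parsed origin to
// be allowlisted. "//evil.test/x", "/\evil.test/x", "javascript:..." and
// "https://app.example.test@evil.test/" all resolve to a foreign (or null)
// origin and fall back to the default landing page.
function redirectTargetHardened(callbackURL) {
  if (typeof callbackURL !== "string" || callbackURL.length === 0 || callbackURL.length > 2048) {
    return DEFAULT_LANDING;
  }
  let target;
  try {
    target = new URL(callbackURL, APP_ORIGIN);
  } catch (err) {
    return DEFAULT_LANDING; // unparseable input is never a redirect target
  }
  if (!ALLOWED_ORIGINS.has(target.origin)) return DEFAULT_LANDING;
  if (target.username || target.password) return DEFAULT_LANDING; // no userinfo tricks
  return target.href;
}
```

Checking `target.origin` after parsing, rather than testing whether the raw string starts with `/` or with the site's hostname, is the whole point: the parser applies the same rules the browser will, so the decision is made on the URL the browser would actually follow.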
Source: Positive Technologies · added 2024/11/08 12:00 a.m. · 2 views

PT-2024-20939 · Bytecode Alliance · Wasm-Micro-Runtime

Name of the Vulnerable Software and Affected Versions: bytecodealliance wasm-micro-runtime versions before v.b3f728c. Description: The issue allows a remote attacker to escalate privileges via a crafted file passed to the check_wasi_abi_compatibility function. Recommendations: For versions before v.b3f728...

CVSS 8.8 · AI score 7.5 · EPSS 0.00634 · Exploits 1 · References 10
Source: Positive Technologies · added 2023/12/22 12:00 a.m. · 4 views

PT-2023-8650 · Kyocera · Kyocera Device Manager

Name of the Vulnerable Software and Affected Versions: Kyocera Device Manager versions prior to 3.1.1213.0. Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to bypass the authentication process. The...

CVSS 8.3 · AI score 7.2 · EPSS 0.04632 · Exploits 1 · References 21
Source: CNNVD · added 2023/10/27 12:00 a.m. · 3 views

VMware Tools Security Vulnerability

VMware Tools is a set of utilities and drivers that ships with VMware virtual machines; it improves the performance of the virtual graphics card and disks and synchronizes the virtual machine's clock with the host. A security vulnerability...

CVSS 7.4 · AI score 6 · EPSS 0.00402 · Exploits 0 · References 12
Source: OSV · added 2023/04/07 7:15 p.m. · 8 views

CVE-2023-23762

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it's created by the code...

CVSS 5.3 · AI score 5.9 · EPSS 0.0064 · Exploits 0 · References 5
Source: OSV · added 2023/03/28 9:15 p.m. · 1 view

UBUNTU-CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0, events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVSS 8.2 · AI score 5.7 · EPSS 0.01185 · Exploits 0 · References 5
Source: CNNVD · added 2022/08/23 12:00 a.m. · 7 views

Zengenti Contensis Classic Authorization Vulnerability

Zengenti Contensis Classic is a content management system from Zengenti (UK). A security vulnerability exists in Zengenti Contensis Classic prior to version 15.2.1.79, which stems from a file upload wizard that fails to properly check whether a user has been authenticated. The vulnerability can be...

CVSS 9.8 · AI score 5.9 · EPSS 0.01429 · Exploits 1 · References 3
Source: OSV · added 2022/07/12 9:15 p.m. · 4 views

CVE-2022-31654

VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations...

CVSS 5.4 · AI score 5.7 · EPSS 0.00376 · Exploits 0 · References 1
Source: CNNVD · added 2022/06/28 12:00 a.m. · 1 view

Underscore.deep Security Vulnerability

Underscore.deep is an open source utility library from Clever (USA) for manipulating nested objects. A security vulnerability exists in Underscore.deep versions prior to 0.5.3, which stems from a prototype pollution weakness that can be exploited by an attacker to craft...

CVSS 9.8 · AI score 8.3 · EPSS 0.00976 · Exploits 1 · References 3
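What prototype pollution in a nested-object utility looks like, as an added example (this is not Underscore.deep's code and does not reproduce its specific bug): a "set value at dotted path" helper that walks into whatever `obj[key]` returns, including `__proto__`, beside a version that refuses prototype keys and only descends through own properties. The path string and the `isAdmin` property are constructed for the example; `pollutionObserved` restores `Object.prototype` after each run so the process is left clean.

```javascript
// Added example, not Underscore.deep's code: vulnerable and hardened deep-set
// helpers, plus a probe that reports whether Object.prototype was polluted.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable: for an intermediate key it reuses any existing object value, so
// "__proto__" yields Object.prototype and the final write lands there.
function deepSetVulnerable(target, dottedPath, value) {
  const keys = dottedPath.split(".");
  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof node[k] !== "object" || node[k] === null) node[k] = {};
    node = node[k];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened: reject prototype-related keys anywhere in the path, and only
// descend into own properties, so the walk can never reach a shared prototype.
function deepSetHardened(target, dottedPath, value) {
  const keys = dottedPath.split(".");
  for (const k of keys) {
    if (BLOCKED_KEYS.has(k)) throw new Error(`refusing key "${k}" in path`);
  }
  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(node, k);
    if (!own || typeof node[k] !== "object" || node[k] === null) node[k] = {};
    node = node[k];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Runs a setter with a constructed attacker-controlled path on a throwaway
// object and checks whether an unrelated fresh object inherited the property.
function pollutionObserved(setter) {
  const probe = {};
  let thrown = false;
  try {
    setter({}, "__proto__.isAdmin", true); // constructed malicious path
  } catch (err) {
    thrown = true;
  }
  const polluted = probe.isAdmin === true;
  delete Object.prototype.isAdmin; // clean up whatever the setter did
  return { thrown, polluted };
}
```

The probe object is created before the setter runs and never touched by it; if it ends up with `isAdmin === true`, the only way that happened is through the shared prototype, which is exactly what an authorization check such as `if (user.isAdmin)` elsewhere in the application would then trust.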
Source: Positive Technologies · added 2021/08/16 12:00 a.m. · 4 views

PT-2021-15283 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12. Description: A vulnerability could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Recommendations: For versions prior to 9.1R12,...

CVSS 6.5 · AI score 6.4 · EPSS 0.01378 · Exploits 0 · References 4
Source: CNVD · added 2020/10/29 12:00 a.m. · 2 views

osCommerce Phoenix CE Cross-Site Request Forgery Vulnerability

osCommerce is an e-commerce and online store management software program. CE Phoenix is the official community version of osCommerce. A cross-site request forgery vulnerability exists in admin/definelanguage.php in osCommerce CE Phoenix versions prior to 1.0.5.4. No details of the vulnerability are...

CVSS 8.8 · AI score 6.8 · EPSS 0.00602 · Exploits 1 · References 1