Lucene search
+L

1325 matches found

cve
cve
added 2026/02/09 3:14 a.m.13 views

CVE-2025-66604

CVE-2025-66604 affects Yokogawa FAST/TOOLS: FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB across R9.01–R10.04. Root cause is disclosure of the library version on the web page, which could enable attacker-initiated follow-on attacks. Documented impact indicates information exposure wit...

5.3CVSS5.3AI score0.00118EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/02/09 12:0 a.m.6 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 version up to R10.04. These vulnerabilities stem from the possibility of the library version being...

5.3CVSS5.7AI score0.00118EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/09 12:0 a.m.8 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the possibility of physical paths being...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/09 12:0 a.m.7 views

PT-2026-7047

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.3AI score0.00261EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.11 views

PT-2026-6001

Name of the Vulnerable Software and Affected Versions Kod8 Individual and SME Website versions through 03022026 Description The Kod8 Individual and SME Website software contains a flaw related to improper neutralization of input during web page generation, leading to a Reflected Cross-Site...

7.6CVSS5.4AI score0.00175EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/24 3:17 a.m.16 views

CVE-2026-21264

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Account allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS5.4AI score0.0037EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/15 1:8 p.m.4 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

8.2CVSS5.5AI score0.00286EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/01/13 12:0 a.m.11 views

PT-2026-2401

Name of the Vulnerable Software and Affected Versions Prowise Reflect version 1.0.9 Description Prowise Reflect version 1.0.9 has a remote keystroke injection issue. An exposed WebSocket on port 8082 allows attackers to send keyboard events. Malicious web pages can be created to inject keystrokes...

9.8CVSS7AI score0.00336EPSS
Exploits1References6
cve
cve
added 2026/01/07 11:9 p.m.17 views

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

5.3CVSS6.4AI score0.00146EPSS
Exploits1References5
cvelist
cvelist
added 2026/01/07 11:9 p.m.31 views

CVE-2019-25259 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that...

5.3CVSS0.00146EPSS
Exploits1References5
redhatcve
redhatcve
added 2026/01/07 9:38 a.m.9 views

CVE-1999-0440

The byte code verifier component of the Java Virtual Machine JVM allows remote execution through malicious web pages...

7.5CVSS7.5AI score0.03636EPSS
Exploits0References1
nessus
nessus
added 2026/01/07 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000384)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000384 advisory. In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP...

6.5CVSS6.5AI score0.02571EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/01/06 12:0 a.m.14 views

PT-2026-1441

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

5.3CVSS6.7AI score0.00142EPSS
Exploits1References8
cve
cve
added 2025/12/24 7:27 p.m.5 views

CVE-2018-25127

CVE-2018-25127 affects SOCA Access Control System 180612. The issue is a cross-site request forgery in the admin interface caused by lack of proper request validation, allowing forged requests to create admin accounts when a user visits a malicious page. Affected component: admin interface/API en...

5.3CVSS6.4AI score0.00191EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/12/24 12:0 a.m.6 views

PT-2025-53092

Name of the Vulnerable Software and Affected Versions Kodezen LLC Academy LMS versions through 3.4.0 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to...

5.4CVSS5.7AI score0.00135EPSS
Exploits0References4
cve
cve
added 2025/12/23 7:34 p.m.14 views

CVE-2021-47722

CVE-2021-47722 affects Zucchetti Axess CLOKI Access Control 1.64. The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to manipulate access control settings by tricking an authenticated user into loading a malicious page; no user interaction beyond visiting the attacke...

5.1CVSS6.3AI score0.00176EPSS
Exploits1References4
nvd
nvd
added 2025/12/15 9:15 p.m.5 views

CVE-2023-53871

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

9.8CVSS0.00558EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/12/15 8:28 p.m.2 views

CVE-2023-53880 Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

4.8CVSS6AI score0.00295EPSS
Exploits0References3
euvd
euvd
added 2025/12/11 12:0 a.m.5 views

EUVD-2025-202709

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in...

7.3CVSS7.2AI score0.00105EPSS
Exploits0References2
euvd
euvd
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202051

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TalentSoft Software e-BAP Automation allows Cross-Site Scripting XSS.This issue affects e-BAP Automation: from 1.8.96 before v.41815...

5.3CVSS5.4AI score0.00276EPSS
Exploits0References2
Rows per page
Query Builder