Lucene search
K

38 matches found

Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25003

Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51915

Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower Description A flaw exists in the way the software handles path-relative stylesheet imports. This could allow for the execution of malicious code within specific web pages...

3.7CVSS6.9AI score0.00166EPSS
Exploits0References4
OSV
OSV
added 2025/12/09 4:18 p.m.4 views

CVE-2025-65287

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

4.3CVSS6AI score0.00757EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-3798

Malware in sbrugna...

9.8CVSS9.2AI score0.03502EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6909

Malware in sbrugna...

5.4CVSS5.7AI score0.00615EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2016-6910

Malware in sbrugna...

4.9CVSS5.4AI score0.01403EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-36777

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00852EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.30 views

EUVD-2023-50564

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00446EPSS
Exploits4References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2025-28571

Malicious code in bioql PyPI...

5.4CVSS5.1AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.4 views

ARD GEC en Ligne 安全漏洞

ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from insufficient validation of transactionID parameter input validation and output encoding, which could lead to cross-site scripting attacks...

6.1CVSS6AI score0.00328EPSS
Exploits1References5
CVE
CVE
added 2025/09/16 12:18 p.m.17 views

CVE-2025-10546

Vulnerability: CVE-2025-10546 affects PPC 2K15X Router. Root cause: improper input validation of CGI parameters in the web management portal. Impact: remote attacker can inject JavaScript to achieve reflected XSS on the target system. Exploitation status: described as remote/network-based, with u...

5.1CVSS5.7AI score0.0046EPSS
Exploits0References1
Talos
Talos
added 2025/08/20 12:0 a.m.9 views

Tenda AC6 V5.0 web portal authentication unencrypted transmission of credentials vulnerability

Talos Vulnerability Report TALOS-2025-2162 Tenda AC6 V5.0 web portal authentication unencrypted transmission of credentials vulnerability August 20, 2025 CVE Number CVE-2025-27564 SUMMARY A unencrypted transmission of credentials vulnerability exists in the web portal authentication functionality...

7.2AI score
Exploits0
NVD
NVD
added 2025/08/18 10:15 p.m.8 views

CVE-2025-54862

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie...

5.4CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/18 9:23 p.m.5 views

CVE-2025-54862 Santesoft Sante PACS Server Cross-site Scripting

Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.8 views

PT-2025-33703 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: Sante PACS Server web portal is susceptible to stored cross-site scripting. An attacker can inject malicious HTML code, potentially redirecting a user to a malicious webpage and...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References7
CVE
CVE
added 2025/05/30 8:23 a.m.53 views

CVE-2025-4635

CVE-2025-4635 affects the jct-aq Airpointer 2D device (diagnostics module) and is described as a remote code execution via manipulation of the Diagnostics module by a user with administrative privileges. The Red Hat and NVD entries corroborate that an attacker with high privileges in the web port...

6.6CVSS6.8AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/30 12:0 a.m.4 views

PT-2025-23271 · Unknown · Airpointer

Name of the Vulnerable Software and Affected Versions: airpointer version 2.4.107-2 Description: The web portal on airpointer presented a local file inclusion issue. A malicious user with administrative privileges in the web portal could manipulate requests to view files on the filesystem...

4.1CVSS5.9AI score0.00238EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.7 views

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...

8.6CVSS6.7AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.8 views

CVE-2023-46344

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting XSS vulnerability in the switch group function under /ilang=DE=csmartenergyswgroups in the web...

5.4CVSS6.1AI score0.00446EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.10 views

CVE-2022-27969

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...

5.3CVSS7.2AI score0.00603EPSS
Exploits1References1
Rows per page
Query Builder