Lucene search
+L

254 matches found

Rockylinux
Rockylinux
added 2025/07/29 1:40 p.m.30 views

nginx:1.24 security update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

5.7CVSS6.6AI score0.0032EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/23 12:0 a.m.31 views

Apache 2.4.x < 2.4.65

The version of Apache httpd installed on the remote host is prior to 2.4.65. It is, therefore, affected by a vulnerability as referenced in the 2.4.65 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to...

6.3CVSS7.2AI score0.00691EPSS
Exploits0References1
NVD
NVD
added 2025/06/27 2:15 p.m.5 views

CVE-2025-53260

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...

9.1CVSS0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/27 12:0 a.m.14 views

CVE-2025-44163

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

0.00598EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.4 views

TencentOS Server 4: pcs (TSSA-2024:0533)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0533 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.4CVSS6.7AI score0.00646EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/13 6:15 p.m.18 views

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

5.3CVSS5.6AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/11 11:16 p.m.4 views

CVE-2025-30183

CyberData 011209 Intercom does not properly store or protect web server admin credentials...

8.7CVSS7.5AI score0.00355EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/11 5:28 p.m.8 views

CVE-2025-0923 IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

5.3CVSS7.1AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2025/06/09 11:15 p.m.8 views

CVE-2025-30183

CyberData 011209 Intercom does not properly store or protect web server admin credentials...

8.7CVSS0.00355EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/06/09 5:47 p.m.13 views

HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter

Summary An authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as...

6.5CVSS7.2AI score0.00449EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 a.m.11 views

CVE-2019-6852

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

7.5CVSS7AI score0.01379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:29 p.m.8 views

CVE-2002-2014

Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks...

5CVSS7AI score0.02342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:6 p.m.7 views

CVE-1999-0173

FormMail CGI program can be used by web servers other than the host server that the program resides on...

5CVSS7AI score0.04923EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 9:53 p.m.17 views

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

10CVSS0.00414EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.9 views

PT-2025-22415 · Automationdirect · Mb-Gateway

Name of the Vulnerable Software and Affected Versions: AutomationDirect MB-Gateway affected versions not specified Description: The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, ...

10CVSS9.7AI score0.01007EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2025/03/28 1:24 p.m.12 views

CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...

2.4CVSS6.2AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 1:24 p.m.46 views

CVE-2025-2865

CVE-2025-2865 affects Arteche/saTECH BCU firmware 2.1.3. The issue is a reflected/stored cross-site scripting (XSS) vulnerability in the web server that could cause malicious resources to be stored and interpreted by victims when visiting the affected site. Multiple sources corroborate firmware 2...

6.1CVSS6.2AI score0.0017EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/28 12:0 a.m.8 views

CVE-2025-28220

Tenda W6S v1.0.0.4510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request...

6.7AI score0.00448EPSS
Exploits0References1
CVE
CVE
added 2025/03/14 6:1 p.m.39 views

CVE-2024-54448

CVE-2024-54448 concerns the LogicalDOC Automation Scripting feature, which an attacker with admin privileges or granted access can abuse to execute arbitrary commands on the web server hosting LogicalDOC. The vulnerability enables remote code execution on the underlying operating system via the A...

8.6CVSS7AI score0.0047EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 12:14 p.m.11 views

CVE-2024-52384

Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generatio...

9.9CVSS7.2AI score0.00478EPSS
Exploits0References1
Rows per page
Query Builder