Lucene search
K

1225 matches found

OSV
OSV
added 2025/07/24 2:23 p.m.1 views

MAL-2025-6281 Malicious code in demo-vault-backup-webapp (npm)

The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/21 12:30 p.m.7 views

io.telicent.smart-caches.graph:docker (>=0.82.10 <=0.83.11), io.telicent.smart-caches.graph:scg-system (>=0.82.10 <=0.83.11) +1 more potentially affected by CVE-2025-49656 via org.apache.jena:jena-fuseki-webapp (>=5.0.0-rc1 <=5.4.0)

org.apache.jena:jena-fuseki-webapp MAVEN version =5.0.0-rc1, =0.82.10, =0.82.10, =5.0.0, =5.4.0 Source cves: CVE-2025-49656 Source advisory: SNYK:JAVA-ORGAPACHEJENA-10874850...

7.5CVSS6AI score0.01401EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/07/10 4:5 p.m.7 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656...

9.1CVSS7.8AI score0.53228EPSS
Exploits2References14
RedhatCVE
RedhatCVE
added 2025/05/24 6:13 p.m.15 views

CVE-2025-48066

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...

6CVSS6.7AI score0.00087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/24 5:18 p.m.17 views

CVE-2025-48061

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

5.6CVSS6.9AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.9 views

CVE-2022-22821

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available...

4.4CVSS6.8AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.9 views

CVE-2021-21400

wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give...

7.1CVSS6.9AI score0.01118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.14 views

CVE-2021-32683

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...

8.8CVSS6.3AI score0.00826EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/22 5:20 p.m.14 views

CVE-2025-48066 wire-webapp has no database deletion on client logout

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...

6CVSS0.00087EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/22 5:20 p.m.11 views

CVE-2025-48066 wire-webapp has no database deletion on client logout

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...

6CVSS6AI score0.00087EPSS
Exploits0References2
NVD
NVD
added 2025/05/22 5:15 p.m.18 views

CVE-2025-48061

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

5.6CVSS0.00123EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/22 5:4 p.m.11 views

CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

5.6CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2025/05/22 5:4 p.m.50 views

CVE-2025-48061

CVE-2025-48061 affects the wire-webapp (Wire) web client. A regression in the session invalidation process allowed a user who logged out to be automatically re-authenticated when re-opening the app. This issue is present in versions up to but not including 2025-05-20-production.0; the underlying ...

5.6CVSS5.6AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 5:4 p.m.9 views

CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

5.6CVSS5.6AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 5:4 p.m.6 views

CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

5.6CVSS6.7AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 p.m.13 views

CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

4.3CVSS4.1AI score0.00633EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:56 a.m.9 views

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI=alladminusers call...

7.5CVSS7.3AI score0.02397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 a.m.9 views

CVE-2019-9106

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...

9.8CVSS7.2AI score0.02791EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:59 a.m.3 views

CVE-2017-11666

Cross-site scripting XSS vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file...

6.1CVSS6AI score0.00754EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.4 views

PT-2025-22515 · Wire · Wire-Webapp

Name of the Vulnerable Software and Affected Versions: wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0 Description: The issue is related to a regression in the session invalidation process. When a user logs out of the Wire webapp, they could be automatically logged in...

5.6CVSS6AI score0.00123EPSS
Exploits0References4
Rows per page
Query Builder