Lucene search
+L

98 matches found

NVD
NVD
added 2025/08/07 7:15 p.m.8 views

CVE-2025-55077

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...

7.4CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2025/08/07 7:15 p.m.4 views

CVE-2025-55077

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...

7.4CVSS5.9AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/07 6:37 p.m.13 views

CVE-2025-55077 Tyler Technologies ERP Pro 9 SaaS application escape

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...

7.4CVSS0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.9 views

PT-2025-32306 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Tyler Technologies ERP Pro 9 SaaS affected versions not specified Description: The software allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment...

7.4CVSS6.5AI score0.00211EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.12 views

Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A vulnerability has been identified in Node.js, specifically...

5.6CVSS6.2AI score0.01404EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 p.m.5 views

CVE-2020-3687

Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue...

5.5CVSS7.2AI score0.00203EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.8 views

CVE-2019-18279

In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019...

8.8CVSS7AI score0.01265EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/12 6:33 p.m.12 views

Security Bulletin: Multiple vulnerabilities in nodejs affect IBM Business Automation Workflow Configuration Editor (nodejs January security release)

Summary IBM Business Automation Workflow Configuration Editor repackages a nodejs runtime and multiple application level models. Vulnerabilities have been reported for the runtime and some modules.. Vulnerability Details CVEID:CVE-2025-23083 DESCRIPTION: With the aid of the diagnosticschannel...

8.7CVSS8.2AI score0.01404EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 4:8 p.m.14 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. Vulnerability Details CVEID:CVE-2025-23085 DESCRIPTION: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header wa...

6.8CVSS9.2AI score0.01404EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2025/02/10 6:14 p.m.2 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in BufferedReader.readLine, which does not count null bytes when calculating the acceptable size of an input stream. An attacker can cause the application to crash by creating a large...

6.8CVSS6.8AI score0.00408EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 1:35 a.m.9 views

CVE-2024-11952

The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...

7.5CVSS7.6AI score0.00873EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/28 4:35 a.m.11 views

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6CVSS5.7AI score0.01404EPSS
Exploits1References1
CVE
CVE
added 2025/01/28 4:35 a.m.156 views

CVE-2025-23084

CVE-2025-23084 concerns Node.js on Windows, where drive names were not treated as special by path utilities. The available sources describe that certain Windows paths using path.join may be interpreted relative to the current directory, potentially mapping to the root instead of a relative locati...

5.6CVSS6.6AI score0.01404EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2025/01/28 4:35 a.m.25 views

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6CVSS6AI score0.01404EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/01/22 12:0 a.m.17 views

Oracle MySQL Server 8.0 - 8.0.40, 8.4 - 8.4.3, 9.0 - 9.1.0 Security Update (cpujan2025) - Windows

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

6.5CVSS6.1AI score0.01378EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.4 views

PT-2025-4814 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special ...

5.6CVSS5.3AI score0.01404EPSS
Exploits1References19
Cvelist
Cvelist
added 2025/01/14 6:4 p.m.18 views

CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability

...

5.5CVSS0.0077EPSS
Exploits0References1
NVD
NVD
added 2024/12/04 9:15 a.m.13 views

CVE-2024-11952

The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...

7.5CVSS0.00873EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/04 8:22 a.m.7 views

CVE-2024-11952 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion

The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...

7.5CVSS7.8AI score0.00873EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.6 views

PT-2024-17362 · WordPress · Classic Addons – Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: Classic Addons – WPBakery Page Builder plugin for WordPress versions up to, and including, 3.0 Description: The issue allows authenticated attackers with Contributor-level access and above, and permissions granted by an Administrator, to...

7.5CVSS8AI score0.00873EPSS
Exploits0References7
Rows per page
Query Builder