Lucene search
K

122 matches found

OSV
OSV
added 2025/04/22 5:46 p.m.7 views

CVE-2025-32961 CUBA JPA Web API Vulnerable to Cross-Site Scripting (XSS) in the /download Endpoint

The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name...

6.4CVSS6.7AI score0.00262EPSS
Exploits0References6
OSV
OSV
added 2025/04/22 4:55 p.m.9 views

GHSA-F3GV-CWWH-758M io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Impact The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

6.5CVSS6.5AI score0.00563EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/04/21 3:34 p.m.18 views

CVE-2025-32431 Traefik has a possible vulnerability with the path matchers

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

9.3CVSS6.5AI score0.00768EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/14 12:0 a.m.5 views

PT-2025-16275 · Zhenfeng13 · My-Blog-Layui

Name of the Vulnerable Software and Affected Versions: ZHENFENG13/code-projects My-Blog-layui version 1.0 Description: A problem was found in the software, affecting an unknown part of the file /admin/v1/link/edit. This issue leads to cross site scripting and can be initiated remotely. Multiple...

5.1CVSS3.6AI score0.00334EPSS
Exploits1References8
Palo Alto Networks
Palo Alto Networks
added 2025/04/09 4:0 p.m.46 views

PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...

7.1CVSS7.3AI score0.0054EPSS
Exploits0References1
OSV
OSV
added 2025/03/28 9:46 a.m.10 views

BIT-DISCOURSE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

4.3CVSS4.7AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/26 2:15 p.m.22 views

CVE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

4.3CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 7:15 p.m.6 views

CVE-2025-30162

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

4.3CVSS0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/24 6:44 p.m.16 views

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

3.2CVSS6.9AI score0.0021EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-25629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the...

5.5CVSS7AI score0.00349EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/03 12:20 a.m.6 views

CVE-2025-27416

Scratch-Coding-Hut.github.io is the website for Coding Hut. The website as of 28 February 2025 contained a sign in with scratch username and password form. Any user who used the sign in page would be susceptible to any other user signing into their account. As of time of publication, a fix is not...

8.8CVSS6.6AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/24 10:5 p.m.25 views

CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...

4.8CVSS0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.6 views

PT-2025-6695 · Samsung · Samsung Mobile Processor Exynos +1

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 1480, 2200, and 2400 Description: An issue was discovered in Samsung Mobile Processor Exynos. The absence of a null check leads to a Denial of Service at amdgpu cs ib fill in the Xclipse Driver...

7.5CVSS6.2AI score0.00557EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/05 10:48 p.m.9 views

CVE-2022-36097

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

8.9CVSS6.8AI score0.57388EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 10:44 p.m.10 views

CVE-2022-36091

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like...

7.5CVSS6.3AI score0.00708EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 10:40 p.m.10 views

CVE-2022-36094

XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...

9CVSS6.5AI score0.64098EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.7 views

CVE-2022-35936

Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...

8.2CVSS6.7AI score0.01161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:57 p.m.8 views

CVE-2020-15269

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory...

9.1CVSS6.5AI score0.01051EPSS
Exploits0
OSV
OSV
added 2025/01/16 7:14 p.m.6 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

5CVSS6.7AI score0.00552EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.4 views

PT-2025-3125 · Polaris Ft · Polaris Ft Intellect Core Banking

Name of the Vulnerable Software and Affected Versions: Polaris FT Intellect Core Banking version 9.5 Description: An issue was discovered in the Interllect Core Search, where input passed through the groupType parameter in "/SCGController" is mishandled before being used in SQL queries, allowing...

8.8CVSS7.8AI score0.0051EPSS
Exploits0References5
Rows per page
Query Builder