Lucene search
K

323 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the Create/modify other users, groups and permissions...

5.4CVSS5.7AI score0.00782EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the Create/modify other users, groups and permissions privilege...

5.4CVSS5.7AI score0.00782EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.8 views

CVE-2025-41044

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.7 views

CVE-2025-41055

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:15 p.m.4 views

CVE-2025-41046

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/960grid...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:14 a.m.3 views

CVE-2025-41060 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:11 a.m.12 views

CVE-2025-41044

CVE-2025-41044 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint, specifically through the data[Page][name] parameter. Public sources consistently describe the vulnerability as cross-site ...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.8 views

PT-2025-35919

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35924

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/27 2:39 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...

8.7CVSS9.2AI score0.00759EPSS
Exploits1Affected Software1
NVD
NVD
added 2025/08/14 7:15 p.m.7 views

CVE-2025-54708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through = 2.0.5...

6.5CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 7:2 p.m.6 views

CVE-2025-8976 givanz Vvveb Endpoint post cross site scripting

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.1CVSS6.6AI score0.00256EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/07/28 11:35 p.m.4 views

SUSE CVE-2024-32867

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19...

5.3CVSS6.8AI score0.00699EPSS
Exploits0References2
OSV
OSV
added 2025/07/07 2:42 p.m.5 views

CVE-2025-6711 Incomplete Redaction of Sensitive Information in MongoDB Server Logs

An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0...

4.4CVSS5.9AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2025/06/26 2:15 p.m.6 views

UBUNTU-CVE-2025-6710

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which coul...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.6 views

Drupal Paragraphs table 安全漏洞

Drupal Paragraphs table is a table generation tool for the Drupal community. A security vulnerability exists in Drupal Paragraphs table versions prior to 2.0.5 that stems from improper input neutralization and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.7 views

CVE-2023-30540

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...

4.3CVSS6.5AI score0.00656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.4 views

CVE-2023-0934

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.9AI score0.00393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.12 views

CVE-2023-33750

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...

5.4CVSS5.6AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.8 views

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

6.5CVSS6.8AI score0.00942EPSS
Exploits1References1
Rows per page
Query Builder