Lucene search
320 matches found

RedhatCVE
added 2026/01/07 9:35 a.m. | 8 views

CVE-2019-7173

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...

4.8 CVSS | 6.1 AI score | 0.0061 EPSS
Exploits 1 | References 1

Circl
added 2026/01/01 12:36 a.m. | 7 views

CVE-2025-67705

creationtimestamp | type | source
---|---|---
2026-01-01 00:36:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbd56v7z2r2c
2026-01-02 18:51:10+00:00 | seen | Telegram/jewkuyTggD2PWaKrabPFdcCxroyUzLRM-AR1O-LdmNxSvc...

6.1 CVSS | 5.8 AI score | 0.00193 EPSS
Exploits 0 | References 1

Cvelist
added 2025/12/31 3:7 p.m. | 29 views

CVE-2025-62141 WordPress Wawp plugin <= 4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wawp: from n/a through <= 4.4...

5.3 CVSS | 0.00191 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/12/24 4:53 a.m. | 3 views

CVE-2025-66444 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-0...

8.2 CVSS | 6.3 AI score | 0.00164 EPSS
Exploits 0 | References 1

CNNVD
added 2025/12/10 12:0 a.m. | 4 views

appRain CMF Code Issue Vulnerability

appRain CMF is a content management framework from appRain Canada. A code issue vulnerability exists in appRain CMF version 4.0.5 that originates from an authenticated user being able to upload a malicious PHP file via the file manager, which could lead to remote code execution...

8.8 CVSS | 7.6 AI score | 0.00821 EPSS
Exploits 1 | References 5

Cvelist
added 2025/12/08 12:0 a.m. | 21 views

CVE-2025-65230

Barix Instreamer v04.06 and v04.05 contain a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...

0.00168 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2025/11/11 12:0 a.m. | 2 views

RHEL 9 : grub2 (RHSA-2025:20532)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20532 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...

6.7 CVSS | 6.5 AI score | 0.00231 EPSS
Exploits 0 | References 10

RedhatCVE
added 2025/11/07 3:54 p.m. | 7 views

CVE-2025-32222

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection. This issue affects Widget Logic: from n/a through = 6.0.5...

9.9 CVSS | 7 AI score | 0.00448 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/11/07 3:18 a.m. | 1 views

CVE-2025-64323 kgateway is missing xDS authorization

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3 CVSS | 6.4 AI score | 0.00165 EPSS
Exploits 0 | References 4

Circl
added 2025/11/06 10:26 p.m. | 15 views

CVE-2022-50596

creationtimestamp | type | source
---|---|---
2025-11-06 22:26:04+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4ym6hjdpf2u...

9.8 CVSS | 5.8 AI score | 0.04115 EPSS
Exploits 0 | References 1

OSV
added 2025/10/30 12:31 a.m. | 8 views

GHSA-27MC-9399-R9MX Drupal Access code allows Brute Force Attempts

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5...

6.3 CVSS | 7.2 AI score | 0.00225 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/10/28 12:0 a.m. | 4 views

Amazon Linux 2 : glibc, --advisory ALAS2-2025-3040 (ALAS-2025-3040)

The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3040 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It...

5.9 CVSS | 6.6 AI score | 0.00158 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/27 3:30 a.m. | 4 views

EUVD-2025-36014

Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Content: from n/a through = 4.0.5...

6.5 AI score | 0.00301 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/10/22 5:24 p.m. | 4 views

CVE-2022-50580

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...

5.5 CVSS | 6.2 AI score | 0.00197 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/10/22 5:13 p.m. | 3 views

CVE-2022-50560

In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because component_master_del wasn't being called when unloading the meson_drm module, the aggregate device would linger forever in the global aggregate_devices list...

5.9 AI score | 0.00195 EPSS
Exploits 0 | References 4

NVD
added 2025/10/22 3:16 p.m. | 18 views

CVE-2025-60232

Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection. This issue affects KBx Pro Ultimate: from n/a through = 8.0.5...

9.8 CVSS | 0.00529 EPSS
Exploits 0 | References 1

UbuntuCve
added 2025/10/22 2:15 p.m. | 5 views

CVE-2022-50561

In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iio_device_register_eventset When iio_device_register_sysfs_group returns failed, iio_device_register_eventset needs to free attrs array. Otherwise, kmemleak would scan & report memory leak as below: unreferenced...

5.7 AI score | 0.00195 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/16 8:0 p.m. | 5 views

EUVD-2025-34788

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...

3.8 CVSS | 6.4 AI score | 0.00246 EPSS
Exploits 0 | References 2

Cvelist
added 2025/10/16 5:31 p.m. | 7 views

CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...

4.1 CVSS | 0.00839 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/10/16 12:0 a.m. | 4 views

PT-2025-42549

Name of the Vulnerable Software and Affected Versions: Xpdf versions prior to 4.06. Description: A flaw exists in Xpdf versions 4.05 and earlier related to PDF object handling within CMap structures. Specifically, a loop in a CMap, triggered through the "UseCMap" entry, can result in infinite...

2.1 CVSS | 6.5 AI score | 0.00156 EPSS
Exploits 0 | References 11