Lucene search
K

563 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A phishing website could have re-used an about: dialog box to display phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox 122 and Thunderbird 115.7...

4.3CVSS6.1AI score0.00333EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/15 6:36 p.m.38 views

CVE-2021-47964 Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

8.8CVSS0.0071EPSS
Exploits0References4
euvd
euvd
added 2026/05/15 6:36 p.m.12 views

EUVD-2021-34817

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

8.8CVSS6.6AI score0.0071EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/15 12:0 a.m.11 views

PT-2026-41343

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

8.8CVSS6.6AI score0.0071EPSS
Exploits0References5
nvd
nvd
added 2026/05/08 6:16 a.m.14 views

CVE-2024-51092

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...

9.1CVSS0.06933EPSS
Exploits4References2
vulnrichment
vulnrichment
added 2026/05/08 12:0 a.m.9 views

CVE-2024-51092

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...

7.8AI score0.06933EPSS
Exploits4References2
redhatcve
redhatcve
added 2026/05/04 8:21 p.m.8 views

CVE-2026-5161

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8CVSS5.8AI score0.00326EPSS
Exploits0References1
nvd
nvd
added 2026/04/29 3:16 p.m.8 views

CVE-2026-5161

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8CVSS0.00326EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/29 2:27 p.m.5 views

CVE-2026-5161

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8CVSS5.8AI score0.00326EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/29 2:27 p.m.31 views

CVE-2026-5161 Improper Authentication in TUBITAK BILGEM's Pardus About

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8CVSS0.00326EPSS
Exploits0References2
euvd
euvd
added 2026/04/29 2:27 p.m.9 views

EUVD-2026-26236

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before v1.2.1...

8.8CVSS5.2AI score0.00326EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/29 2:27 p.m.3 views

CVE-2026-5161 Improper Authentication in TUBITAK BILGEM's Pardus About

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8CVSS5.4AI score0.00326EPSS
Exploits0References2
cve
cve
added 2026/04/29 2:27 p.m.11 views

CVE-2026-5161

CVE-2026-5161 is an improper link resolution before file access vulnerability in Pardus About, enabling a Symlink Attack. Affected software: Pardus About prior to version 1.2.1. Root cause: improper link following allows unauthorized file access by traversing symlinks. Impact per CVSS metrics (AV...

8.8CVSS5.8AI score0.00326EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/29 12:0 a.m.11 views

TÜBİTAK BİLGEM Pardus About 后置链接漏洞

TÜBİTAK BİLGEM Pardus About is a component module of the Turkish company TÜBİTAK BİLGEM that provides functionality for displaying operating system information and system descriptions. Versions of TÜBİTAK BİLGEM Pardus About prior to 1.2.1 had a post-link vulnerability; this vulnerability stemmed...

8.8CVSS5.8AI score0.00326EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/29 12:0 a.m.7 views

PT-2026-35928

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before v1.2.1...

8.8CVSS5.2AI score0.00326EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/31 4:59 a.m.12 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References1
euvd
euvd
added 2026/03/30 3:32 p.m.7 views

EUVD-2026-17095

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
nvd
nvd
added 2026/03/30 3:16 p.m.6 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS0.00189EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/30 12:0 a.m.4 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6AI score0.00189EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
Rows per page
Query Builder