Lucene search
+L

97 matches found

RedhatCVE
RedhatCVE
added 2025/03/19 1:16 p.m.9 views

CVE-2024-54027

A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...

8.2CVSS6.6AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/13 3:46 a.m.33 views

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

10CVSS6.6AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2025/03/04 3:37 a.m.74 views

CVE-2025-1321

CVE-2025-1321 concerns the WordPress teachPress plugin. Connected sources confirm a SQL Injection via the tpsearch shortcode’s order parameter in all versions up to 9.0.7, caused by insufficient escaping and improper SQL query preparation. An authenticated attacker with Contributor-level access o...

8.8CVSS7.3AI score0.00458EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2018-7225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to...

9.8CVSS6.8AI score0.06222EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 6:30 a.m.10 views

CVE-2024-5503

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS7.7AI score0.00822EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/21 12:0 a.m.10 views

CVE-2024-55504

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploitcombined.dylib component on MacOS...

5.8AI score0.00548EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.5 views

PT-2024-33516 · Samsung · Samsung Pass

Name of the Vulnerable Software and Affected Versions: Samsung Pass versions prior to 4.4.04.7 Description: The issue is related to improper authentication in the Private Info feature of Samsung Pass, allowing physical attackers to access sensitive information in a specific scenario...

5.3CVSS6.7AI score0.0023EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.4 views

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed for Mac computers by Apple, Inc. A security vulnerability exists in Apple macOS version 15, which stems from an application that may be able to access sensitive user data...

7.5CVSS6.1AI score0.00636EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/24 11:0 a.m.21 views

CVE-2024-8801 Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure

The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

4.3CVSS0.00414EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/24 11:0 a.m.26 views

CVE-2024-8801 Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure

The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

4.3CVSS6.5AI score0.00414EPSS
Exploits0References3
Redos
Redos
added 2024/09/02 12:0 a.m.146 views

ROS-20240902-23

A vulnerability in the Flatpak application and environment management tool is related to improper Neutralization of special output elements used by a downstream component. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data and compromise its integrity...

10CVSS7.4AI score0.01283EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/07/24 12:0 a.m.17 views

CVE-2024-36535

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

7AI score0.00476EPSS
Exploits0References1
Veracode
Veracode
added 2024/04/15 12:11 p.m.15 views

Sensitive Information Disclosure

mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate user permission settings. An attacker can access areas of the application that they should be prevented from accessing by exploiting these settings. This could potentially lead to the access of...

8.3CVSS6.5AI score0.00396EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/10 1:4 p.m.2 views

CVE-2023-48257

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...

7.8CVSS7.8AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.5 views

PT-2023-27967 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.3 Description: The issue allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. This is a SQL injection vulnerability, which means attackers can inject...

9.8CVSS7.9AI score0.0085EPSS
Exploits1References9
Apple
Apple
added 2023/12/11 12:0 a.m.46 views

About the security content of watchOS 10.2

About the security content of watchOS 10.2 This document describes the security content of watchOS 10.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

8.8CVSS9.1AI score0.17823EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/12/08 12:0 a.m.43 views

CVE-2023-46493

CVE-2023-46493 affects EverShop NPM prior to 1.0.0-rc.8. The vulnerability is a directory traversal in the readDirSync function of fileBrowser/browser.js, allowing a remote attacker to obtain sensitive information. Affected component: EverShop NPM ( frontend/backend codebase as described in sourc...

5.3CVSS4.9AI score0.01001EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.9 views

PT-2023-24663 · Ransack +2 · Ransack +2

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.3 Description: Decidim, a participatory democracy framework written in Ruby on Rails, uses a third-party library named Ransack for filtering certain database collections. By default, this library allows filterin...

7.5CVSS7.4AI score0.0125EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2023/05/04 12:0 a.m.11 views

CVE-2023-27568

SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchFormsearchText=...

9AI score0.01209EPSS
Exploits3References4
NVD
NVD
added 2023/04/28 7:15 p.m.20 views

CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

9.8CVSS8.9AI score0.00916EPSS
Exploits0References2
Rows per page
Query Builder