Lucene search

10 matches found

Vulnrichment
added 2026/02/02 9:55 a.m. | 4 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2 CVSS | 5.5 AI score | 0.00436 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/18 11:27 a.m. | 5 views

CVE-2025-38539

In the Linux kernel, the following vulnerability has been resolved: tracing: Add downwritetraceeventsem when adding trace event When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values...

4.4 CVSS | 6.5 AI score | 0.00149 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/02/07 12:0 a.m. | 5 views

WordPress plugin access control error vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the Advanced Cron Manager WordPress plugin and the Advanced Cro...

4.3 CVSS | 5.3 AI score | 0.0065 EPSS
Exploits: 2 | References: 2
OSV
added 2021/04/08 12:15 p.m. | 2 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

5.4 CVSS | 5.8 AI score | 0.00734 EPSS
Exploits: 1 | References: 3
OSV
added 2021/04/08 12:15 p.m. | 2 views

CVE-2021-30113

A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...

6.1 CVSS | 6.4 AI score | 0.00946 EPSS
Exploits: 1 | References: 3
NVD
added 2021/04/08 12:15 p.m. | 8 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

5.4 CVSS | 0.00734 EPSS
Exploits: 1 | References: 3
Prion
added 2021/04/08 12:15 p.m. | 13 views

Cross site scripting

A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...

4.3 CVSS | 5.8 AI score | 0.00946 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2021/04/08 12:15 p.m. | 10 views

Cross site scripting

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

3.5 CVSS | 5.2 AI score | 0.00734 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2009/04/21 6:7 p.m. | 20 views

CVE-2008-6736

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not foll...

6.7 AI score | 0.02198 EPSS
Exploits: 1 | References: 4
Prion
added 2007/09/05 7:17 p.m. | 21 views

Cross site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...

4.3 CVSS | 7.5 AI score | 0.02135 EPSS
Exploits: 0 | References: 4 | Affected Software: 1