Lucene search
K

95 matches found

Cvelist
Cvelist
added 2025/10/03 6:14 p.m.9 views

CVE-2025-52862 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS0.00356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/03 6:11 p.m.4 views

CVE-2025-52429 QTS, QuTS hero

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

5.1CVSS6.5AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.7 views

PT-2025-40580

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.6.3195 build 20250715 QNAP versions prior to QuTS hero h5.2.6.3195 build 20250715 Description A flaw exists where a remote attacker, having obtained administrator privileges, can trigger a denial-of-service DoS...

5.1CVSS6.5AI score0.00356EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/02 12:31 p.m.2 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker...

7.5CVSS6.7AI score0.01251EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/02 12:31 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted requests to internal or protected endpoints. Note: This is only exploitabl...

7.3CVSS7AI score0.00499EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/02 12:31 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted requests to internal or protected endpoints. Note: This is only exploitabl...

7.3CVSS7AI score0.00499EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/02 12:31 p.m.4 views

Files or Directories Accessible to External Parties

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests...

7.5CVSS6.7AI score0.01251EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/02 12:31 p.m.2 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker...

7.5CVSS6.4AI score0.01251EPSS
Exploits0References2
NVD
NVD
added 2025/09/29 7:15 p.m.7 views

CVE-2025-57871

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

4.8CVSS0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/22 4:32 a.m.14 views

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6.5AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2025/08/28 4:16 a.m.6 views

CVE-2025-9346

The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 10.14.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and...

6.4CVSS0.0018EPSS
Exploits0References2
NVD
NVD
added 2025/08/22 8:15 a.m.24 views

CVE-2025-8678

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

5.9CVSS0.00323EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/14 6:28 a.m.13 views

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...

4.9CVSS6.8AI score0.00474EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.7 views

PT-2025-29910 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2025-07 Description: A Server-Side Template Injection SSTI vulnerability exists in the notification template system used for sending quota and quarantine alerts. The template rendering engine allows...

9.1CVSS7AI score0.00464EPSS
Exploits0References8
OSV
OSV
added 2025/06/20 12:15 p.m.2 views

CVE-2025-4102

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveenabledicons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level...

7.2CVSS6.4AI score0.00531EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 1:47 a.m.13 views

CVE-2025-5939 Telegram for WP <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00199EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.13 views

CVE-2019-19699

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

9CVSS7.9AI score0.27485EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:49 a.m.7 views

CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...

7.2CVSS7.9AI score0.01356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/03 6:52 p.m.8 views

CVE-2024-12510 LDAP Authentication Sever Pass-back attack

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...

6.7CVSS6.7AI score0.00923EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 7:15 a.m.6 views

CVE-2024-9582

The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder