Lucene search
K

12 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/07 5:8 p.m.3 views

CVE-2026-35575

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting Stored XSS vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator...

8CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/06 6:31 p.m.4 views

EUVD-2025-208340

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51921

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A flaw exists where an authenticated user with specific permissions "Edit Records" and "Manage Properties and Classifications" can inject a...

8.5CVSS5.5AI score0.00164EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-19028

Malicious code in bioql PyPI...

10CVSS6.2AI score0.02417EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/26 12:37 a.m.3 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

10CVSS7.5AI score0.02417EPSS
Exploits0References1
NVD
NVD
added 2025/06/24 3:15 p.m.5 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

10CVSS0.02417EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/24 12:0 a.m.234 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

0.02417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.3 views

PT-2025-26740

Name of the Vulnerable Software and Affected Versions Quest KACE Systems Management Appliance SMA versions 13.0.x prior to 13.0.385 Quest KACE Systems Management Appliance SMA versions 13.1.x prior to 13.1.81 Quest KACE Systems Management Appliance SMA versions 13.2.x prior to 13.2.183 Quest KACE...

10CVSS7.9AI score0.02417EPSS
Exploits0References109
Vulnrichment
Vulnrichment
added 2025/06/24 12:0 a.m.2 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

7.4AI score0.02417EPSS
Exploits0References3
CVE
CVE
added 2025/06/24 12:0 a.m.51 views

CVE-2025-32975

CVE-2025-32975 affects Quest KACE SMA versions 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4). The issue is an authentication bypass in the SSO authentication handling mechanism that could allow an atta...

10CVSS7.2AI score0.02417EPSS
In wildExploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.5 views

PT-2024-25681 · Froxlor +1 · Froxlor +1

Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.1.9 Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated user can inject malicious scrip...

9.6CVSS6AI score0.00963EPSS
Exploits2References11
Huntr
Huntr
added 2022/08/06 3:13 p.m.22 views

IDOR in password change page leads to administrative account takeover

Description The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account. Proof of Concept 1. 1 - Log in as a normal user that can change its o...

0.9AI score
Exploits0
Rows per page
Query Builder