Lucene search
K

98 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-15726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary...

5.3CVSS5.8AI score0.01653EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-9860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with...

5.9CVSS6.5AI score0.01934EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-6629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin involving the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way ...

10CVSS8.1AI score0.03202EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-6622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdm...

5.9CVSS7.3AI score0.01799EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.5 views

PT-2025-34230 · Moss · Moss

Name of the Vulnerable Software and Affected Versions: Moss versions prior to 0.15 Description: Moss before version 0.15 contains a file upload issue. The configuration of the upload function permits attackers to upload files with any extension to arbitrary locations on the target server...

8.6CVSS7.4AI score0.00265EPSS
Exploits0References5
NVD
NVD
added 2025/08/13 5:15 p.m.6 views

CVE-2025-2183

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...

5.3CVSS0.00108EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 8:42 a.m.5 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
Veracode
Veracode
added 2025/04/23 2:16 p.m.9 views

Server-Side Request Forgery (SSRF)

Kyverno is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of Service Call destinations due to the ability of attackers to craft policies that initiate requests to arbitrary servers under their control...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/31 11:9 a.m.10 views

CVE-2025-3022 OS Command Injection vulnerability in e-management of e-solutions

Os command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint...

9.3CVSS7.8AI score0.00996EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.6 views

E-Solutions E-Management 操作系统命令注入漏洞

E-Solutions E-Management is an application from E-Solutions, Inc. An operating system command injection vulnerability exists in E-Solutions E-Management, which stems from the presence of command injection that could lead to the execution of arbitrary commands on the server...

9.3CVSS7.8AI score0.00996EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-31103

A-blog CMS contains an untrusted data deserialization vulnerability that if successfully exploited can be leveraged to execute an arbitrary script on the server...

7.5CVSS6AI score0.00474EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.13 views

The vulnerability of the PHP Smarty templater, related to improper handling of code generation, allows attackers to execute arbitrary PHP code.

The vulnerability of the PHP Smarty templater is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code on the target system...

8.5CVSS7.6AI score0.00507EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2024/11/27 3:50 a.m.4249 views

CVE-2024-5921

CVE-2024-5921 : Palo Alto Networks GlobalProtect app suffers from insufficient certificate validation, allowing the client to connect to arbitrary servers. This can enable a local non-admin user or an attacker on the same subnet to install malicious root certificates and subsequently execute malw...

8.8CVSS9AI score0.01454EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.5 views

Palo Alto Networks GlobalProtect 信任管理问题漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A trust management issue vulnerability exists in Palo Alto Networks GlobalProtect, which stems from insufficie...

8.8CVSS9.4AI score0.01454EPSS
Exploits2References4
OSV
OSV
added 2024/11/04 6:15 p.m.4 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

4.9CVSS6AI score0.00339EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/09/11 4:37 a.m.3 views

SUSE CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

5.9CVSS6.9AI score0.15586EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.6 views

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...

6.1CVSS6AI score0.00405EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.5 views

WordPress plugin Google Doc Embedder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.6AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2024/02/22 5:15 a.m.3 views

CVE-2024-27283

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed...

7.2CVSS5.9AI score0.00678EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/12/14 3:30 p.m.37 views

External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.1AI score0.00715EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder