Lucene search
+L

8 matches found

nvd
nvd
added 2026/04/21 5:16 p.m.17 views

CVE-2026-29179

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

3.3CVSS0.00144EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-0481

Malware in sbrugna...

4CVSS6.4AI score0.00937EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18630

Malware in sbrugna...

9.8CVSS9.5AI score0.01429EPSS
Exploits0References2
osv
osv
added 2021/04/09 6:15 p.m.6 views

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...

6.1CVSS6.3AI score0.93108EPSS
Exploits1References1
veracode
veracode
added 2019/09/17 3:9 a.m.28 views

Remote Code Execution

tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...

9.8CVSS5AI score0.14866EPSS
Exploits0References14Affected Software1
cvelist
cvelist
added 2019/05/14 6:35 p.m.19 views

CVE-2018-6885

An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...

9.4AI score0.01429EPSS
Exploits0References1
prion
prion
added 2013/04/05 4:55 p.m.10 views

Cross site request forgery (csrf)

HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files...

4CVSS6.5AI score0.00937EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2013/04/05 4:0 p.m.19 views

CVE-2013-0470

HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files...

6AI score0.00937EPSS
Exploits0References2
Rows per page
Query Builder