Lucene search
+L

36 matches found

Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.6 views

PT-2025-9096 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.8.0 through 2.8.12 Rancher versions 2.9.0 through 2.9.6 Rancher versions 2.10.0 through 2.10.2 Description: A local user can impersonate other identities through SAML Authentication on first login due to an improper access...

9.9CVSS7.3AI score0.93027EPSS
Exploits19References61
RedhatCVE
RedhatCVE
added 2025/02/05 5:2 p.m.14 views

CVE-2019-13343

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...

9.9CVSS7AI score0.02248EPSS
Exploits1References1
CVE
CVE
added 2024/12/18 3:22 a.m.43 views

CVE-2024-12449

CVE-2024-12449 affects the Video Share VOD – Turnkey Video Site Builder Script WordPress plugin. It is a Stored XSS in the videowhisper_player_html shortcode present in all versions up to 2.6.30 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation r...

6.4CVSS5.7AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/14 4:23 a.m.19 views

CVE-2024-11876 Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeumopensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping ...

6.4CVSS0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-18352 · WordPress · Wpbakery

Name of the Vulnerable Software and Affected Versions: wpbakery plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the Post Title tag attribute due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/07 12:0 a.m.7 views

Apple Safari security vulnerability

Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple Safari version 17.4, which originates from accessing the Private Browsing tab without authentication...

4.3CVSS8.2AI score0.00732EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.7 views

Sme.UP ERP 安全漏洞

Sme.UP ERP is a management software developed to meet the needs of customers by Sme.UP Italy. A security vulnerability exists in Sme.UP ERP TOKYO version V6R1M220406, which originates from the presence of an information disclosure vulnerability that can be exploited by an attacker to gain access ...

7.5CVSS7.3AI score0.00518EPSS
Exploits1References3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.9 views

JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...

7.1AI score
Exploits0
OSV
OSV
added 2022/08/25 11:15 p.m.6 views

CVE-2022-37316

Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...

6.5CVSS5.8AI score0.00582EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/28 12:0 a.m.7 views

PT-2022-23731 · Veritas · Veritas Netbackup

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions 8.1.x through 8.1.2 Veritas NetBackup version 8.2 Veritas NetBackup versions 8.3.x through 8.3.0.2 Veritas NetBackup versions 9.x through 9.0.0.1 Veritas NetBackup versions 9.1.x through 9.1.0.1 Description: An issu...

8.5CVSS6.3AI score0.00553EPSS
Exploits0References4
CNVD
CNVD
added 2022/05/07 12:0 a.m.34 views

F5 BIG-IP APM Edge Client for Windows has an unspecified vulnerability

F5 BIG-IP APM Edge Client for Windows is a client-side access control authentication access client application from F5. A security vulnerability exists in F5 BIG-IP APM Edge Client for Windows, which can be exploited by attackers to obtain privilege escalation on client Windows systems...

7.8CVSS6AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2021/05/27 7:15 p.m.4 views

CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...

7.1CVSS7.1AI score0.00272EPSS
Exploits0References1
myhack58
myhack58
added 2015/10/12 12:0 a.m.26 views

Network, Netgear routers are exposed to severe DNS vulnerability,vulnerable to hacking-vulnerability warning-the black bar safety net

! Recently, the network device Netgear routers is found that there is a serious DNS vulnerability, at present, the network member has not yet patched the published vulnerabilities, which allow attackers to tamper with the affected router's DNS settings, it will affect its router security, estimat...

7.3AI score
Exploits0
CNVD
CNVD
added 2015/05/15 12:0 a.m.6 views

Y-Cam information leakage vulnerability in various products

Y-Cam camera is a wireless network security surveillance camera system from Y-cam. An information disclosure vulnerability exists in several Y-Cam products, allowing remote attackers to authenticate and obtain sensitive information via a leading "/ /" to en/account/acceditasp request...

5CVSS6.3AI score0.01495EPSS
Exploits1References1
NVD
NVD
added 2003/08/27 4:0 a.m.19 views

CVE-2003-0639

Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication...

5CVSS6.4AI score0.01249EPSS
Exploits0References2
CERT
CERT
added 2002/07/27 12:0 a.m.29 views

Microsoft SQL Server installation process leaves sensitive information on system

Overview Microsoft SQL server versions 7.0 and 2000, as well as MSDE 1.0, may leave installation and log files on the server after the installation process is complete. These files may contain senstitive information such as passwords used during the install. Users with authenticated access to the...

4.6CVSS6.2AI score0.01697EPSS
Exploits0References6
Rows per page
Query Builder