2439 matches found

NVD
added 2025/09/06 4:16 a.m. | 8 views

CVE-2025-8149

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00216
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/05 7:31 a.m. | 9 views

CVE-2025-9378

The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 5.2 | EPSS 0.00216
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/04 8:31 p.m. | 10 views

CVE-2025-8613

Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi...

CVSS 7.2 | AI score 8.3 | EPSS 0.01251
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/04 12:0 a.m. | 7 views

PT-2025-35872

Name of the Vulnerable Software and Affected Versions: SAEMM, affected versions not specified. Description: An out-of-bounds read issue exists in the SAEMM DiscloseMsId function within SAEMM RadioMessageCodec.c. This could lead to remote information disclosure after authentication, requiring no...

CVSS 6.5 | AI score 6 | EPSS 0.00253
Exploits: 0 | References: 6

Vulnrichment
added 2025/09/03 5:40 p.m. | 2 views

CVE-2025-20280 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This...

CVSS 4.8 | AI score 5.6 | EPSS 0.00207
Exploits: 0 | References: 1

Source Incite
added 2025/09/03 12:0 a.m. | 131 views

SRC-2025-0005 : Samsung MagicINFO 9 Server ContentSaveServiceImpl getMediaSourceFromNewFile File Upload Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...

AI score 6.3
Exploits: 0

Tenable Nessus
added 2025/09/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...

CVSS 6.8 | AI score 6.8 | EPSS 0.01416
Exploits: 1 | References: 2

NVD
added 2025/09/02 8:15 p.m. | 3 views

CVE-2025-8613

Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi...

CVSS 7.2 | EPSS 0.01251
Exploits: 0 | References: 1

NVD
added 2025/09/02 8:15 p.m. | 2 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS 8.8 | EPSS 0.00654
Exploits: 0 | References: 2

OSV
added 2025/09/02 8:15 p.m. | 3 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS 8.8 | AI score 5.9 | EPSS 0.00654
Exploits: 0 | References: 2

Cvelist
added 2025/09/02 8:0 p.m. | 28 views

CVE-2025-9273 CData API Server MySQL Misconfiguration Information Disclosure Vulnerability

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 4.3 | EPSS 0.00457
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/02 8:0 p.m. | 4 views

CVE-2025-9273 CData API Server MySQL Misconfiguration Information Disclosure Vulnerability

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 4.3 | AI score 5.5 | EPSS 0.00457
Exploits: 0 | References: 1

CVE
added 2025/09/02 7:49 p.m. | 15 views

CVE-2025-8613

The CVE-2025-8613 issue affects Vacron Camera devices, specifically a command injection in the webs.cgi endpoint. The flaw arises from insufficient validation of a user-supplied string before it is used to perform a system call, allowing an unauthenticated attacker to execute code with root privi...

CVSS 7.2 | AI score 7.7 | EPSS 0.01251
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/02 7:49 p.m. | 1 view

CVE-2025-8613 Vacron Camera ping Command Injection Remote Code Execution Vulnerability

Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi...

CVSS 7.2 | AI score 7.7 | EPSS 0.01251
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/02 7:48 p.m. | 2 views

CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS 8.8 | AI score 6.6 | EPSS 0.00654
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/30 6:20 p.m. | 5 views

CVE-2025-57425

A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...

CVSS 6.1 | AI score 5.4 | EPSS 0.00269
Exploits: 1 | References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-12483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscoveranalyser rzo GET...

CVSS 9 | AI score 7.9 | EPSS 0.0322
Exploits: 1 | References: 2

Vulnrichment
added 2025/08/29 11:17 a.m. | 1 view

CVE-2025-40707 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVSS 5.1 | AI score 5.5 | EPSS 0.00201
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/28 8:27 a.m. | 2 views

CVE-2025-46409

Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker...

CVSS 8.7 | AI score 7.5 | EPSS 0.00215
Exploits: 0 | References: 2

CVE
added 2025/08/28 8:27 a.m. | 19 views

CVE-2025-46409

SS1 is affected by CVE-2025-46409 (Inadequate encryption strength) in SS1 Ver.16.0.0.10 and earlier (Media 16.0.0a and earlier). The issue may allow a remote, unauthenticated user to access a function that requires authentication. Public references also document additional vulnerabilities in SS1 ...

CVSS 8.7 | AI score 7.7 | EPSS 0.00215
Exploits: 0 | References: 2