Lucene search
K

2438 matches found

Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.3 views

PT-2025-34972

Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier SS1 Media versions 16.0.0a and earlier Description: An inadequate encryption strength issue exists that may allow a remote, unauthenticated attacker to access a function requiring authentication...

8.7CVSS7.7AI score0.00215EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/27 4:23 p.m.8 views

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

5.4CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 4:23 p.m.6 views

CVE-2025-20348 Cisco Nexus Dashboard Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

5CVSS0.00273EPSS
Exploits0References1
Cisco
Cisco
added 2025/08/27 4:0 p.m.7 views

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

5.4CVSS6AI score0.00205EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-8866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is...

6.5CVSS5.2AI score0.09579EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-23203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several...

5.5CVSS5.8AI score0.0037EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/26 12:0 a.m.7 views

CVE-2025-57425

A Stored Cross-Site Scripting XSS vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...

0.00269EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-12482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. CVE-2018-12482 Note that...

8.8CVSS7.8AI score0.013EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2017-9774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Remote Code Execution was found in HordeImage 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. CVE-2017-9774 Note that Nessus...

8.8CVSS7.8AI score0.02385EPSS
Exploits0References2
CVE
CVE
added 2025/08/23 4:25 a.m.26 views

CVE-2025-9131

CVE-2025-9131 (Ogulo – 360° Tour, WordPress) Vulnerability type: Stored Cross-Site Scripting via the slug parameter in all versions up to and including 1.0.11. Exploitation requires authenticated access at Contributor level or higher; attacker can inject scripts that run when pages are viewed by ...

6.4CVSS5.7AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.6 views

PT-2025-34485 · Unknown · Easy Hosting Control Panel

Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: The List MySQL Databases function in Easy Hosting Control Panel EHCP is susceptible to a reflected cross-site scripting issue. Authenticated attackers can potentially execute...

6.1CVSS7.2AI score0.00224EPSS
Exploits3References6
Cvelist
Cvelist
added 2025/08/20 3:22 p.m.7 views

CVE-2025-55731 Frappe has the possibility of Authenticated SQL Injection due to improper validations

Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15...

8.7CVSS0.00334EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2025/08/20 12:0 a.m.5 views

Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getCountMuStatDevicePropResultsFromMuListAgentIds function. The issue results from the...

6.6CVSS6.8AI score0.01021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges ...

7.8CVSS8.4AI score0.00645EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-24051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected...

7.8CVSS8.2AI score0.00615EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-24052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges o...

7.8CVSS8.3AI score0.00645EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/08/20 12:0 a.m.5 views

Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...

6.6CVSS6.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-8865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is...

6.5CVSS6.4AI score0.06808EPSS
Exploits4References2
CVE
CVE
added 2025/08/16 3:38 a.m.31 views

CVE-2025-6079

CVE-2025-6079 affects the School Management System for WordPress plugin (WordPress). It enables authenticated attackers with Student-level access or higher to upload arbitrary files due to missing file type validation in homework.php, across all versions up to 93.2.0. The vulnerability could pote...

8.8CVSS6.6AI score0.00519EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/14 2:24 a.m.6 views

CVE-2025-42976

SAP NetWeaver Application Server ABAP BIC Document allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can...

8.1CVSS6.6AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder