
2405 matches found

CNNVD
added 2025/04/16 12:0 a.m. · 2 views

Seven Bears Library CMS code injection vulnerability

Seven Bears Library CMS is a content management system by mirweiye Personal Developer. A code injection vulnerability exists in Seven Bears Library CMS version 2023, which stems from the vulnerability of the Background Management Page component to cross-site scripting attacks...

4.8 CVSS · 4.2 AI score · 0.00278 EPSS
Exploits 0 · References 4

CNNVD
added 2025/04/16 12:0 a.m. · 2 views

WordPress plugin Slazzer Background Changer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability exis...

5.3 CVSS · 6.3 AI score · 0.00465 EPSS
Exploits 0 · References 1

OSV
added 2025/04/06 7:56 p.m. · 4 views

CVE-2025-31488 Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser

Plain Craft Launcher PCL is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE...

4.9 CVSS · 6.7 AI score · 0.00161 EPSS
Exploits 0 · References 3

CNNVD
added 2025/04/06 12:0 a.m. · 3 views

Plain Craft Launcher input validation error vulnerability

Plain Craft Launcher is an open source software by Hex Dragon. Plain Craft Launcher suffers from an input validation error vulnerability that stems from a malicious homepage that may use IE to access web pages in the background...

4.9 CVSS · 6.7 AI score · 0.00161 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/03/13 12:0 a.m. · 4 views

PT-2025-11211 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6
Description: DataEase is an open source business intelligence and data visualization tool. A patch bypass issue allows authenticated users to read and deserialize arbitrary files through the background JDBC...

8.6 CVSS · 6.1 AI score · 0.00424 EPSS
Exploits 1 · References 8

CNNVD
added 2025/03/13 12:0 a.m. · 2 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.6; the vulnerability...

8.6 CVSS · 6.5 AI score · 0.00424 EPSS
Exploits 1 · References 2

CNNVD
added 2025/03/13 12:0 a.m. · 2 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.6, th...

8.6 CVSS · 6.7 AI score · 0.00361 EPSS
Exploits 1 · References 2

OSV
added 2025/03/07 9:15 a.m. · 4 views

CVE-2024-13431

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accentcolor and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping...

6.1 CVSS · 5.9 AI score · 0.00341 EPSS
Exploits 0 · References 4

OSV
added 2025/03/03 5:15 p.m. · 3 views

PYSEC-2025-24

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...

7.5 CVSS · 5.8 AI score · 0.00485 EPSS
Exploits 1 · References 3

PyPA
added 2025/03/03 5:15 p.m. · 8 views

PYSEC-2025-24

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...

7.5 CVSS · 6.7 AI score · 0.00485 EPSS
Exploits 1 · References 3 · Affected Software 1

NVD
added 2025/03/03 5:15 p.m. · 17 views

CVE-2025-25301

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...

7.5 CVSS · 0.00485 EPSS
Exploits 1 · References 1

Cvelist
added 2025/03/03 4:40 p.m. · 15 views

CVE-2025-25302 Rembg CORS misconfiguration

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

8.7 CVSS · 0.00179 EPSS
Exploits 1 · References 2

SUSE CVE
added 2025/02/28 2:20 a.m. · 2 views

SUSE CVE-2025-21783

In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios(). The gpiochip_get_ngpios() uses chip_*() macros to print messages. However these macros rely on gpiodev to be initialised and set, which is not the case when called via bgpio_init(). In such a...

5.5 CVSS · 7.6 AI score · 0.00201 EPSS
Exploits 0 · References 3

SUSE CVE
added 2025/02/27 3:11 a.m. · 4 views

SUSE CVE-2022-49174

In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit. In case of flex_bg feature, which is by default enabled, extents for any given inode might span across blocks from two different block group. ext4_mb_mark_bb() only reads the buffer_head...

5.5 CVSS · 6.3 AI score · 0.00246 EPSS
Exploits 0 · References 7

HackRead
added 2025/02/26 10:25 a.m. · 7 views

US Background Check Firm Data Breach Exposes 3.3M Records

A data breach at DISA Global Solutions, a firm providing background checks, and drugs and alcohol testing services,…

7.3 AI score
Exploits 0

OSV
added 2025/02/26 7:1 a.m. · 2 views

DEBIAN-CVE-2022-49347

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages. We got issue as follows: EXT4-fs error device loop0: ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here ------------ kernel...

5.5 CVSS · 5.3 AI score · 0.00276 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/20 12:0 a.m. · 4 views

PT-2025-7590 · Phpcmsv9 · Phpcmsv9

Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3
Description: The issue allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. This is a Cross-Site Scripting issue.
Recommendations: For phpcmsv9...

6.1 CVSS · 7.1 AI score · 0.0026 EPSS
Exploits 1 · References 5

CVE
added 2025/02/20 12:0 a.m. · 61 views

CVE-2025-25960

CVE-2025-25960 is a Cross Site Scripting vulnerability affecting phpcmsv9 v9.6.3. The issue allows a remote attacker to escalate privileges via the member center’s menu interface in the background administrator. Reported impact is a partial privilege escalation with low confidentiality/integrity ...

6.1 CVSS · 6.5 AI score · 0.0026 EPSS
Exploits 1 · References 1 · Affected Software 1

Wired Threat Level
added 2025/02/06 7:30 a.m. · 6 views

DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers

Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/02/06 2:19 a.m. · 6 views

CVE-2025-22784

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control (background-control) allows Path Traversal. This issue affects Background Control: from n/a through <= 1.0.5...

8.6 CVSS · 7.2 AI score · 0.00257 EPSS
Exploits 0 · References 1