Lucene search
K

420 matches found

Cvelist
Cvelist
added 2025/12/05 5:15 p.m.20 views

CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

5.1CVSS0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.15 views

CVE-2024-32384

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

7.4CVSS6.8AI score0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.11 views

CVE-2024-32384

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

6.8CVSS0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.15 views

PT-2025-48465

Name of the Vulnerable Software and Affected Versions Kerlink gateways versions prior to 5.10 Description Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, lacking HTTPS support. This absence of transport layer security enables a...

7.4CVSS6.5AI score0.0015EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/01 12:0 a.m.5 views

EUVD-2024-30206

Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected...

5.3CVSS6.3AI score0.01453EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.7 views

CVE-2024-39148

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...

0.00452EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.12 views

Kerlink KerOS 安全漏洞

Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from the wmp-agent service not properly validating magic URLs, which could allow an unauthenticated remote attacker to execute arbitrary OS...

8.1CVSS7.6AI score0.00452EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.7 views

WordPress plugin Email Subscribers & Newsletters 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.2CVSS5.8AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.6 views

CVE-2020-36867

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

8.8CVSS7.5AI score0.02648EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2020-30809

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly...

8.7CVSS7.4AI score0.01794EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-44614

Name of the Vulnerable Software and Affected Versions SeventhQueen Kleo versions prior to 5.5.0 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...

7.5CVSS6.4AI score0.00381EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/30 9:51 p.m.3 views

CVE-2020-36864 Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.8AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:44 p.m.12 views

CVE-2016-15050 Nagios XI < 5.2.4 SQL Injection in Notification Search

Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authenticated user to manipulate database queries...

8.7CVSS0.0101EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient...

5.4CVSS5.9AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.4 views

PT-2025-44471

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.3 Description Nagios XI versions prior to 5.7.3 have a privilege escalation issue in the getprofile.sh helper script. The script handles profile retrieval and initialization with insecure file and command...

8.5CVSS7.4AI score0.00309EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.7 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.8.7 that stems from improperly set...

8.5CVSS6.8AI score0.0032EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/27 5:10 a.m.10 views

WordPress Sahifa theme < 5.8.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sahifa versions 5.8.6...

6.5CVSS6.1AI score0.00151EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/23 8:4 a.m.4 views

CVE-2025-10727 Reflected XSS in ArkSigner's AcBakImzala

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4...

5.4CVSS5.4AI score0.002EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414613 advisory. An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. videousercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for...

6.2CVSS6.5AI score0.00369EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414668)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414668 advisory. In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers t...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References3
Rows per page
Query Builder