Lucene search
K

11 matches found

CNNVD
CNNVD
added 2026/03/18 12:0 a.m.12 views

DiceBear 安全漏洞

DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/03/04 3:16 a.m.3 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 2:15 a.m.6 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from PHP object injection in the columns parameter within the Express Entry List block, which could lead to remote co...

8.9CVSS6.1AI score0.00605EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/27 8:21 p.m.3 views

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...

5.3CVSS5.9AI score0.00148EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.3 views

PT-2025-43963

Name of the Vulnerable Software and Affected Versions Bdtask Pharmacy Management System versions prior to 9.4 Description A flaw exists in Bdtask Pharmacy Management System that allows for authorization bypass. This occurs through manipulation of an unknown function within the /user/edit user/ fi...

8.8CVSS4.6AI score0.00433EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.3 views

Astro 输入验证错误漏洞

Astro is an Astro open source web framework for content-driven websites. An input validation error vulnerability exists in Astro versions prior to 9.4.1, which stems from a flaw in the redirection feature that could lead to an open redirection attack...

6.9CVSS6.6AI score0.00534EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:30 p.m.5 views

CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

9CVSS7.3AI score0.01342EPSS
Exploits0References2
CNVD
CNVD
added 2020/10/20 12:0 a.m.4 views

Laravel platform cross-site scripting vulnerability

Laravel platform is a free Laravel extension library from the Laravel team Laravel. The extension library has basic business logic to quickly build admin pages and basic pages. A cross-site scripting vulnerability exists in platform versions prior to 9.4.4, which stems from an inline attribute th...

8CVSS5.8AI score0.00739EPSS
Exploits0References1
OSV
OSV
added 2019/07/04 3:15 p.m.4 views

UBUNTU-CVE-2019-13239

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture...

6.1CVSS5.8AI score0.01327EPSS
Exploits1References3
OSV
OSV
added 2017/08/16 6:29 p.m.3 views

ALPINE-CVE-2017-7548

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service...

7.5CVSS6.8AI score0.03517EPSS
Exploits0References1
Rows per page
Query Builder