48 matches found

CVE
added 2026/06/22 5:33 p.m. | 10 views

CVE-2026-54298

Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...

CVSS 6.1 | AI score 6 | EPSS 0.0016
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2026/06/02 12:0 a.m. | 8 views

Dräger Protector Software security vulnerability

Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...

CVSS 8.3 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 2

EUVD
added 2026/03/09 10:54 p.m. | 4 views

EUVD-2026-10430

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVSS 7.6 | AI score 5.8 | EPSS 0.00187
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/09 10:53 p.m. | 3 views

CVE-2026-30918

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...

CVSS 7.6 | AI score 5.8 | EPSS 0.00196
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/27 9:34 p.m. | 3 views

CVE-2026-27939 Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...

CVSS 8.8 | AI score 5.9 | EPSS 0.00386
Exploits: 0 | References: 2

CVE
added 2026/01/16 1:2 p.m. | 14 views

CVE-2025-14510

CVE-2025-14510 affects ABB Ability OPTIMAX: 6.1, 6.2, and 6.3.0 before 6.3.1-251120, 6.4.0 before 6.4.1-251120. Root cause: incorrect implementation of the authentication algorithm, described as an authentication bypass in single sign-on. Administrative/impact details are not expanded beyond the ...

CVSS 9.2 | AI score 6.6 | EPSS 0.0039
Exploits: 0 | References: 1

EUVD
added 2025/10/17 2:22 p.m. | 6 views

EUVD-2025-34883

In NetX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

CVSS 8.8 | AI score 6.5 | EPSS 0.00554
Exploits: 1 | References: 1

OSV
added 2025/10/17 6:15 a.m. | 7 views

CVE-2025-55094

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 1

CVE
added 2025/10/17 5:32 a.m. | 20 views

CVE-2025-55096

CVE-2025-55096 affects USBX (USB host stack) prior to 6.4.3 in the Eclipse Foundation ThreadX ecosystem. The root cause is an out-of-bounds read in _ux_host_class_hid_report_descriptor_get() while parsing a USB HID device descriptor. Documented impact includes high confidentiality and availabilit...

CVSS 6.1 | AI score 6.5 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/16 6:43 a.m. | 4 views

CVE-2025-55090 Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ipv4_packet_receive() function when receiving an Ethernet frame with less than 4 bytes of IP packet...

CVSS 6.9 | AI score 6.4 | EPSS 0.00336
Exploits: 0 | References: 1

OSV
added 2025/10/15 3:16 p.m. | 5 views

CVE-2025-55083

In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an out-of-bounds read by two...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 1

OSV
added 2025/10/15 11:15 a.m. | 5 views

CVE-2025-55082

In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _nx_secure_tls_process_clienthello() because of a missing validation of the PSK length provided in the user message...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 1

OSV
added 2025/10/15 6:15 a.m. | 2 views

CVE-2025-55080

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, verification of syscall parameters was insufficient, allowing an attacker to obtain an arbitrary memory read/write...

CVSS 7.1 | AI score 7
Exploits: 0 | References: 1

NVD
added 2025/10/15 5:16 a.m. | 22 views

CVE-2025-55079

In Eclipse ThreadX before version 6.4.3, the thread module has a maximum priority setting. In some cases the check against that maximum priority was not performed, making it possible to obtain a thread with higher priority than expected and causing a possible denial of service...

CVSS 5.7 | EPSS 0.00157
Exploits: 1 | References: 1

CVE
added 2025/10/15 4:29 a.m. | 16 views

CVE-2025-55079

CVE-2025-55079 refers to Eclipse ThreadX RTOS prior to 6.4.3, where the thread module’s maximum priority check could be bypassed, allowing a thread to run at a higher priority than intended and cause a potential denial of service. This is corroborated by Red Hat and other industry sources in the ...

CVSS 5.7 | AI score 6.4 | EPSS 0.00157
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/10/15 12:0 a.m. | 4 views

Eclipse ThreadX NetX Duo buffer error vulnerability

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A buffer error vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4, which stems from a lack of validation of the PSK length in a user message, which could lead to out-of-bounds...

CVSS 6.9 | AI score 6.8 | EPSS 0.00229
Exploits: 0 | References: 2

Cvelist
added 2025/10/07 6:21 p.m. | 9 views

CVE-2025-3448 XSS on SDM

Reflected cross-site scripting (XSS) vulnerabilities exist in the System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enable a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

CVSS 6.1 | EPSS 0.00245
Exploits: 0 | References: 1

CVE
added 2025/10/07 6:21 p.m. | 9 views

CVE-2025-3448

CVE-2025-3448 describes a reflected cross-site scripting (XSS) vulnerability in the System Diagnostics Manager (SDM) of B&R Automation Runtime, prior to 6.4. The vulnerability allows a remote attacker to cause the affected user’s browser to execute arbitrary JavaScript, via crafted input during web page gener...

CVSS 6.1 | AI score 6 | EPSS 0.00245
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:38 a.m. | 4 views

CVE-2024-23533

An out-of-bounds read vulnerability in the WLAvalancheService component of Ivanti Avalanche before 6.4.3 can, in certain conditions, allow an authenticated remote attacker to read sensitive information in memory...

CVSS 6.5 | AI score 6.5 | EPSS 0.01366
Exploits: 0 | References: 1

CNNVD
added 2025/04/25 12:0 a.m. | 4 views

NetScout nGeniusONE cross-site scripting vulnerability

NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A security vulnerability exists in NetScout nGeniusONE versions prior to 6.4.0 b2350, which stems from a stored cross-site scripting attack that could result from certain POST paramete...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221
Exploits: 0 | References: 3