
19 matches found

RedhatCVE
added 2026/06/05 6:49 p.m. · 8 views

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

CVSS 5.1 · AI score 5.6 · EPSS 0.00319
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/28 12:0 a.m. · 17 views

PT-2026-44213

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

CVSS 5.1 · AI score 6 · EPSS 0.00319
Exploits: 0 · References: 2
Vulnrichment
added 2026/05/22 2:24 p.m. · 12 views

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

CVSS 8.8 · AI score 6.1 · EPSS 0.00564
Exploits: 0 · References: 1
ATTACKERKB
added 2026/05/12 2:18 p.m. · 11 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

CVSS 7.8 · AI score 5.8 · EPSS 0.00284
Exploits: 0 · References: 2
OSV
added 2026/02/19 6:24 p.m. · 5 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

CVSS 5.4 · AI score 5.8 · EPSS 0.00173
Exploits: 0 · References: 2
NVD
added 2026/02/19 6:24 p.m. · 6 views

CVE-2026-23605

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

CVSS 5.4 · EPSS 0.00173
Exploits: 0 · References: 2
OSV
added 2026/02/19 6:24 p.m. · 5 views

CVE-2026-23605

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

CVSS 5.4 · AI score 5.8 · EPSS 0.00173
Exploits: 0 · References: 2
OSV
added 2026/01/15 9:16 p.m. · 4 views

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...

CVSS 7.5 · AI score 5.8 · EPSS 0.00375
Exploits: 0 · References: 2
OSV
added 2025/09/19 9:58 a.m. · 5 views

BIT-MONGODB-2025-10060 MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0...

CVSS 7.5 · AI score 6.9 · EPSS 0.00305
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/22 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-33139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user...

CVSS 5.7 · AI score 6.5 · EPSS 0.00483
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/06 12:0 a.m. · 5 views

PT-2025-32206 · 4C Strategies · 4C Strategies Exonaut

Name of the Vulnerable Software and Affected Versions: 4C Strategies Exonaut versions prior to 22.4. Description: The 4C Strategies Exonaut software was found to have insecure permissions. Recommendations: Update to version 22.4 or later...

CVSS 6.5 · AI score 7.2 · EPSS 0.0025
Exploits: 0 · References: 7
CNNVD
added 2024/11/22 12:0 a.m. · 3 views

Firmanet ERP SQL Injection Vulnerability

Firmanet ERP is an e-commerce system from Firmanet, Inc. A SQL injection vulnerability exists in Firmanet ERP version 22.11.2024 and earlier, which stems from vulnerability to SQL injection attacks...

CVSS 8.2 · AI score 7.8 · EPSS 0.00421
Exploits: 0 · References: 1
CNNVD
added 2023/09/22 12:0 a.m. · 6 views

Galaxy Code Issues Vulnerabilities

Galaxy is an open source platform for FAIR data analysis open-sourced by Galaxy Project. A code issue vulnerability exists in Galaxy versions prior to 22.05 that stems from the presence of a Server Request Forgery (SSRF) vulnerability. An attacker can exploit this vulnerability to send arbitrary...

CVSS 6.3 · AI score 7 · EPSS 0.00324
Exploits: 1 · References: 3
CNNVD
added 2022/11/20 12:0 a.m. · 10 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates. LibreNMS versions prior to 22.10.0 have a security vulnerability that stems from the presence of...

CVSS 4.8 · AI score 6.1 · EPSS 0.93343
Exploits: 0 · References: 3
OSV
added 2022/11/09 9:15 p.m. · 1 views

CVE-2022-31689

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2022/04/04 12:0 a.m. · 1 views

PT-2022-5564 · Twisted +6 · Twisted +6

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 22.4.0rc1. Description: The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead t...

CVSS 9.3 · AI score 9.3 · EPSS 0.03608
Exploits: 1 · References: 55
ATTACKERKB
added 2022/03/24 3:15 p.m. · 5 views

CVE-2022-0550

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks...

CVSS 8.6 · AI score 7.3 · EPSS 0.00868
Exploits: 0 · References: 2
ATTACKERKB
added 2022/03/24 3:15 p.m. · 7 views

CVE-2022-0551

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

CVSS 8.6 · AI score 7.3 · EPSS 0.00868
Exploits: 0 · References: 2
OSV
added 2020/10/21 3:15 p.m. · 5 views

CVE-2020-14898

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromis...

CVSS 5.4 · AI score 7.3
Exploits: 0 · References: 1