11 matches found

EUVD
added 2026/03/27 9:31 a.m. · 3 views

EUVD-2026-16575

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS. This issue affects Sentinel LDK Runtime: before 10.22...

CVSS 8.3 · AI score 5.9 · EPSS 0.00137
Exploits 0 · References 2
VulnCheck KEV
added 2025/11/19 12:00 a.m. · 31 views

VulnCheck KEV: CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

CVSS 9.8 · AI score 6 · EPSS 0.10701
In wild · Exploits 8 · References 73
Tenable Nessus
added 2025/09/30 12:00 a.m. · 3 views

NewStart CGSL MAIN 6.06 : gcc Vulnerability (NS-SA-2025-0227)

The remote NewStart CGSL host, running version MAIN 6.06, has gcc packages installed that are affected by a vulnerability: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy...

CVSS 7.5 · AI score 7.2 · EPSS 0.03207
Exploits 0 · References 3
Positive Technologies
added 2024/10/29 12:00 a.m. · 5 views

PT-2024-37791 · Unknown · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: lollms-webui versions prior to 10. Description: A CORS misconfiguration allows attackers to steal sensitive information, such as logs, browser sessions, and settings containing private API keys from other services. This issue can also enable...

CVSS 8.1 · AI score 8.1 · EPSS 0.00242
Exploits 1 · References 6
Positive Technologies
added 2023/12/22 12:00 a.m. · 5 views

PT-2023-31801 · Unknown · Sandbox Accounts For Events

Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.10.0. Description: The issue allows authenticated users to potentially read data from the events table by sending request payloads to the "events API", collecting information on planned events,...

CVSS 7.8 · AI score 3.5 · EPSS 0.00169
Exploits 0 · References 7
OSV
added 2021/02/24 4:15 p.m. · 3 views

CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing a hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...

CVSS 8.8 · AI score 7.4 · EPSS 0.01027
Exploits 0 · References 1
OSV
added 2020/01/21 11:15 p.m. · 3 views

CVE-2020-1788

Honor V30 smartphones with versions earlier than 10.0.1.135C00E130R4P1 have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious...

CVSS 5.5 · AI score 6.1 · EPSS 0.00591
Exploits 0 · References 1
CNVD
added 2019/11/18 12:00 a.m. · 3 views

Red Hat Infinispan Elevation of Privilege Vulnerability

Red Hat Infinispan is distributed caching and key-value NoSQL data storage software from Red Hat. A security vulnerability exists in versions prior to Red Hat Infinispan 10.0.0 Final. An attacker could exploit the vulnerability to invoke private methods with Infinispan privileges...

CVSS 8.8 · AI score 7.9 · EPSS 0.03089
Exploits 0 · References 1
CNVD
added 2019/04/08 12:00 a.m. · 4 views

Apple Xcode LLVM Component Memory Corruption Vulnerability

Apple Xcode is an integrated development environment from Apple, a United States company, used mainly for developing Mac OS X and iOS applications. LLVM (Low Level Virtual Machine) is a compiler framework developed by the LLVM team...

CVSS 9.3 · AI score 7.4 · EPSS 0.00926
Exploits 0 · References 1
OSV
added 2019/02/17 4:29 a.m. · 3 views

CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization...

CVSS 6.5 · AI score 6.9 · EPSS 0.64051
Exploits 5 · References 4
CNVD
added 2018/05/29 12:00 a.m. · 4 views

Apache Batik Information Disclosure Vulnerability (CNVD-2018-10557)

Apache Batik (also known as Batik SVG Toolkit or Batik Java SVG Toolkit) is a set of Java-based applications from the U.S.-based Apache Software Foundation, used mainly for processing SVG images. An information disclosure vulnerability exists in Apache Batik versions 1.x prior to 1.10. An...

CVSS 9.8 · AI score 6.2 · EPSS 0.19523
Exploits 0 · References 1