2786 matches found

OSV
added 2025/12/04 3:15 p.m., 5 views

CVE-2025-14007

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

CVSS 6.1 | AI score 4.1 | EPSS 0.00234
Exploits 1 | References 4
Cvelist
added 2025/12/04 2:32 p.m., 22 views

CVE-2025-14007 dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

CVSS 2 | EPSS 0.00234
Exploits 1 | References 4
Vulnrichment
added 2025/12/04 2:32 p.m., 4 views

CVE-2025-14007 dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

CVSS 2 | AI score 4.8 | EPSS 0.00234
Exploits 1 | References 4
CVE
added 2025/12/04 2:32 p.m., 9 views

CVE-2025-14007

CVE-2025-14007 affects dayrui XunRuiCMS up to v4.7.1. Affected component: the Domain Name Binding Page, specifically the file path /admin79f2ec220c7e.php?c=api&m=demo&name=mobile. Root cause described as incorrect handling/manipulation in that page, resulting in cross-site scripting. Attacker can...

CVSS 6.1 | AI score 3 | EPSS 0.00234
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2025/12/04 12:00 a.m., 4 views

XunRuiCMS Code Injection Vulnerability

XunRuiCMS is a content management system for individual developers. A code injection vulnerability exists in XunRuiCMS 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Domain Name Binding Page in the file /admin79f2ec220c7e.php, which cou...

CVSS 6.1 | AI score 4 | EPSS 0.00234
Exploits 1 | References 4
Positive Technologies
added 2025/12/04 12:00 a.m., 4 views

PT-2025-49029

Name of the Vulnerable Software and Affected Versions: dayrui XunRuiCMS versions up to 4.7.1. Description: A cross site scripting issue exists in dayrui XunRuiCMS. The issue is located in the Domain Name Binding Page, specifically within the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile. The...

CVSS 6.1 | AI score 3.3 | EPSS 0.00234
Exploits 1 | References 9
GithubExploit
added 2025/12/03 10:44 p.m., 214 views

Exploit for CVE-2025-55182

CVE-2025-55182 and CVE-2025-66478 Technical Analysis of Ar...

CVSS 10 | AI score 8.9 | EPSS 0.99562
Exploits 386
The Hacker News
added 2025/12/02 5:46 p.m., 5 views

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai,...

AI score 7.1
Exploits 0
Snyk
added 2025/12/02 6:28 a.m., 4 views

Authorization Bypass Through User-Controlled Key

Overview: chainlit is a package for building conversational AI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing authorization check when binding a WebSocket session to a user-supplied threadId. An attacker can exploit this weakness by providin...

CVSS 4.2 | AI score 6.7 | EPSS 0.00217
Exploits 0 | References 4
OSV
added 2025/12/02 1:20 a.m., 11 views

GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

CVSS 8.5 | AI score 7 | EPSS 0.00377
Exploits 1 | References 6
Github Security Blog
added 2025/12/02 1:20 a.m., 17 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

CVSS 8.5 | AI score 7.1 | EPSS 0.00377
Exploits 1 | References 6 | Affected Software 1
EUVD
added 2025/12/02 12:35 a.m., 35 views

EUVD-2025-175330

Keycloak has debug default bind address...

CVSS 6.8 | AI score 6.2 | EPSS 0.00432
Exploits 0 | References 7
IBM Security Bulletins
added 2025/12/01 3:00 a.m., 7 views

Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)

Summary: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820). These have been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-22233. DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...

CVSS 5.3 | AI score 6.3 | EPSS 0.00631
Exploits 1 | Affected Software 1
Snyk
added 2025/11/25 8:39 p.m., 2 views

Command Injection

Overview: fugue is an abstraction layer for distributed computation. Affected versions of this package are vulnerable to Command Injection via the decode function, which invokes cloudpickle.loads on untrusted data. An attacker can execute arbitrary code on the server by sending specially crafted...

CVSS 9.2 | AI score 8 | EPSS 0.0067
Exploits 1 | References 2
Github Security Blog
added 2025/11/25 8:39 p.m., 6 views

Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Summary: The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...

CVSS 8.8 | AI score 8.7 | EPSS 0.0067
Exploits 1 | References 5 | Affected Software 1
CISA
added 2025/11/19 12:00 p.m., 9 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-13223, Google Chromium V8 Type Confusion Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and...

CVSS 8.8 | AI score 6.9 | EPSS 0.04835
In wild | Exploits 1 | References 6
Snyk
added 2025/11/13 6:31 p.m., 4 views

Binding to an Unrestricted IP Address

Overview: Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol (JDWP) port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...

CVSS 7.6 | AI score 7.8 | EPSS 0.00432
Exploits 0 | References 2
Github Security Blog
added 2025/11/13 6:31 p.m., 16 views

Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description: A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to...

CVSS 6.8 | AI score 7.5 | EPSS 0.00432
Exploits 0 | References 8 | Affected Software 1
Tenable Nessus
added 2025/11/13 12:00 a.m., 1 view

SUSE SLES12 Security Update : kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2025:4058-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4058-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.269 fixes various security issues. The following security issues were fixed: -...

CVSS 7.8 | AI score 7.1 | EPSS 0.00288
Exploits 0 | References 11
Tenable Nessus
added 2025/11/13 12:00 a.m., 1 view

SUSE SLES15 Security Update : kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2025:4062-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4062-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes various security issues. The following security issues were fixed: ...

CVSS 7.8 | AI score 7.1 | EPSS 0.00288
Exploits 0 | References 14