5552 matches found

CNNVD
added 2025/11/27 12:0 a.m. | 3 views

WordPress plugin SKT PayPal for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.5 | AI score 6.6 | EPSS 0.00284
Exploits: 0 | References: 2
OSV
added 2025/11/26 7:15 p.m. | 12 views

PYSEC-2025-219

An issue was discovered in Overhang.IO tutor-open-edx (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

CVSS 3.3 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/26 12:0 a.m. | 5 views

PT-2025-48178

Name of the Vulnerable Software and Affected Versions: Overhang.IO tutor-open-edx version 20.0.2. Description: A security issue exists in Overhang.IO tutor-open-edx version 20.0.2 that could allow local unauthorized attackers to access sensitive information. This is due to missing cache-control HTTP...

CVSS 3.3 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 7
OSV
added 2025/11/21 3:59 p.m. | 4 views

JLSEC-2025-227 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted ...

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname...

CVSS 5.4 | AI score 7 | EPSS 0.00184
Exploits: 0 | References: 4
RedhatCVE
added 2025/11/19 2:10 p.m. | 4 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5 | AI score 6.6 | EPSS 0.00243
Exploits: 0 | References: 1
NVD
added 2025/11/18 3:16 p.m. | 5 views

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks...

CVSS 5.4 | EPSS 0.0023
Exploits: 1 | References: 1
NVD
added 2025/11/18 3:16 p.m. | 4 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5 | EPSS 0.00243
Exploits: 0 | References: 2
OSV
added 2025/11/18 3:16 p.m. | 7 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2
EUVD
added 2025/11/18 1:26 p.m. | 4 views

EUVD-2025-197999

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...

CVSS 6.9 | AI score 6.2 | EPSS 0.00243
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/18 12:0 a.m. | 5 views

PT-2025-47327

Name of the Vulnerable Software and Affected Versions: electic-shop version 1.0. Description: A DOM-based cross-site scripting issue exists where the client-side JavaScript reads attacker-controlled input and inserts it into the DOM via unsafe sinks, specifically innerHTML, insertAdjacentHTML, and...

CVSS 5.4 | AI score 6 | EPSS 0.0023
Exploits: 1 | References: 4
CNNVD
added 2025/11/18 12:0 a.m. | 24 views

Windu CMS security vulnerability

Windu CMS is a lightweight web content management system (CMS) from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from insufficient client-side brute force protection and could lead to brute force attacks...

CVSS 7.5 | AI score 6.3 | EPSS 0.00243
Exploits: 0 | References: 3
CVE
added 2025/11/18 12:0 a.m. | 8 views

CVE-2025-56527

The CVE-2025-56527 entry concerns Kotaemon 0.11.0, where plaintext passwords are stored in the client’s localStorage. The associated CVSS 3.1 score is 7.5 (HIGH) with an attack vector of Network, attack complexity Low, no privileges required, no user interaction, but with Confidentiality Impac...

CVSS 7.5 | AI score 6.7 | EPSS 0.00372
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/11/18 12:0 a.m. | 7 views

PT-2025-47311

Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS (affected versions not specified). Description: Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the loginError parameter, but does not store attempt counts or timeouts...

CVSS 7.5 | AI score 6.6 | EPSS 0.00243
Exploits: 0 | References: 7
Vulnrichment
added 2025/11/18 12:0 a.m. | 3 views

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks...

AI score 6 | EPSS 0.0023
Exploits: 1 | References: 1
CNNVD
added 2025/11/18 12:0 a.m. | 4 views

Cinnamon kotaemon security vulnerability

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from storing plaintext passwords in client-side localStorage...

CVSS 7.5 | AI score 6.5 | EPSS 0.00372
Exploits: 1 | References: 5
OSV
added 2025/11/17 10:17 a.m. | 6 views

CLSA-2025-1763374645 varnish: Fix of 2 CVEs

- CVE-2024-30156: fix HTTP/2 flow control vulnerability allowing window credit exhaustion (Broke Window Attack) causing potential denial of service
- CVE-2025-47905: fix client-side request smuggling via malformed HTTP/1 chunked requests...

CVSS 7.5 | AI score 6.7 | EPSS 0.03663
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/17 9:7 a.m. | 14 views

CVE-2025-64308

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

CVSS 8.7 | AI score 7 | EPSS 0.0023
Exploits: 0 | References: 1
NVD
added 2025/11/15 12:15 a.m. | 6 views

CVE-2025-64308

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal...

CVSS 7.1 | EPSS 0.0023
Exploits: 0 | References: 3
CNNVD
added 2025/11/15 12:0 a.m. | 4 views

Brightpick Mission Control security vulnerability

Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...

CVSS 8.7 | AI score 6.6 | EPSS 0.0023
Exploits: 0 | References: 4
Vulnrichment
added 2025/11/14 11:38 p.m. | 5 views

CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal...

CVSS 7.1 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 3