Lucene search
K

708 matches found

OSV
OSV
added 2026/01/09 2:5 p.m.10 views

OESA-2026-1010 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resour...

7.8CVSS7.5AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2026/01/09 2:5 p.m.8 views

OESA-2026-1009 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resour...

7.8CVSS6.2AI score0.00196EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.9 views

CVE-2020-24146

Directory traversal in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action...

8.1CVSS7.1AI score0.01673EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 3:9 p.m.6 views

CVE-2025-2154

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025...

5.4CVSS6.1AI score0.00138EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 3:16 p.m.7 views

CVE-2025-2155

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS0.00288EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 3:16 p.m.9 views

CVE-2025-2154

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...

5.4CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 2:31 p.m.5 views

EUVD-2025-205285

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025...

8.8CVSS6.8AI score0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/24 2:31 p.m.5 views

CVE-2025-2155 Arbitrary File Upload in EchoCCS's Specto CM

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS5.6AI score0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/12/24 2:31 p.m.7 views

CVE-2025-2155

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS5.6AI score0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/12/24 2:26 p.m.5 views

CVE-2025-2154

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...

5.4CVSS5.4AI score0.00138EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/24 2:26 p.m.4 views

CVE-2025-2154 Stored XSS in EchoCCS's Specto CM

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...

5.4CVSS5.4AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2025/12/24 2:26 p.m.15 views

CVE-2025-2154

CVE-2025-2154 is a Stored XSS vulnerability affecting Specto CM (Echo Specto Call Center Management) prior to version 17032025, caused by improper input neutralization during web page generation. The issue is documented across multiple sources (NVD, Red Hat, CVE listing) as a stored XSS in Specto...

5.4CVSS5.4AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 2:26 p.m.5 views

EUVD-2025-205286

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025...

5.4CVSS5.6AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

Echo Specto CM 跨站脚本漏洞

Echo Specto CM is a call center management system from Echo Turkey. A cross-site scripting vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.9 views

PT-2025-53295

Name of the Vulnerable Software and Affected Versions Specto CM versions prior to 17032025 Description Specto CM is susceptible to a flaw involving unrestricted file uploads, potentially leading to Remote Code Inclusion. The issue stems from the ability to upload files without proper restrictions...

8.8CVSS7.8AI score0.00288EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

WordPress plugin CM On Demand Search And Replace 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.8AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51381

Name of the Vulnerable Software and Affected Versions CreativeMindsSolutions CM On Demand Search And Replace versions through 1.5.4 Description An authorization issue exists in CreativeMindsSolutions CM On Demand Search And Replace, allowing exploitation due to incorrectly configured access contr...

4.3CVSS6.6AI score0.00192EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/12/04 12:50 p.m.5 views

kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

7.8CVSS5.7AI score0.00154EPSS
Exploits0References5
CVE
CVE
added 2025/11/26 10:13 p.m.14 views

CVE-2020-36873

The CVE-2020-36873 entry affects Astak CM-818T3 2.4GHz wireless security cameras. A vulnerability exists in the /web/cgi-bin/hi3510/backup.cgi endpoint that allows remote, unauthenticated download of a compressed configuration backup, potentially exposing administrative credentials and other sens...

8.7CVSS6.4AI score0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/26 10:13 p.m.11 views

CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...

8.7CVSS0.00554EPSS
Exploits0References2
Rows per page
Query Builder