
43682 matches found

Vulnrichment
added 2026/01/14 6:28 p.m., 4 views

CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

CVSS 4.8 | AI score 5.3 | EPSS 0.00194
Exploits: 1 | References: 3
ATTACKERKB
added 2026/01/14 6:28 p.m., 4 views

CVE-2025-71165

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

CVSS 5.4 | AI score 5.6 | EPSS 0.00194
Exploits: 1 | References: 4
EUVD
added 2026/01/14 6:28 p.m., 7 views

EUVD-2026-2428

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

CVSS 4.8 | AI score 5.2 | EPSS 0.00194
Exploits: 1 | References: 4
CVE
added 2026/01/14 6:28 p.m., 19 views

CVE-2025-71165

Summary: Typesetter CMS

CVSS 5.4 | AI score 5.3 | EPSS 0.00194
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/14 6:27 p.m., 4 views

CVE-2025-71164 Typesetter CMS Reflected XSS via Editing.php

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 4.8 | AI score 5.2 | EPSS 0.00194
Exploits: 1 | References: 3
EUVD
added 2026/01/14 6:27 p.m., 5 views

EUVD-2026-2437

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 4.8 | AI score 5.1 | EPSS 0.00194
Exploits: 1 | References: 4
Cvelist
added 2026/01/14 6:27 p.m., 20 views

CVE-2025-71164 Typesetter CMS Reflected XSS via Editing.php

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 4.8 | EPSS 0.00194
Exploits: 1 | References: 3
CVE
added 2026/01/14 6:27 p.m., 16 views

CVE-2025-71164

Typesetter CMS

CVSS 5.4 | AI score 5.2 | EPSS 0.00194
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/01/14 6:16 p.m., 4 views

CVE-2025-63644

A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

CVSS 5.4 | AI score 5.7 | EPSS 0.00257
Exploits: 1 | References: 2
RedHat Linux
added 2026/01/14 2:46 p.m., 5 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI)...

CVSS 7.5 | AI score 6 | EPSS 0.01744
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/14 12:26 p.m., 4 views

CVE-2025-59021

Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

CVSS 6.4 | AI score 6.9 | EPSS 0.00246
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/14 12:26 p.m., 4 views

CVE-2025-59022

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

CVSS 8.1 | AI score 6.8 | EPSS 0.0038
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/14 12:0 a.m., 2 views

CVE-2025-63644

A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

CVSS 5.4 | AI score 5 | EPSS 0.00257
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/14 12:0 a.m., 8 views

PT-2026-2946

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

CVSS 4.8 | AI score 5.7 | EPSS 0.00194
Exploits: 1 | References: 4
CNNVD
added 2026/01/14 12:0 a.m., 4 views

Typesetter CMS Cross-Site Scripting Vulnerability

Typesetter CMS is an open-source content management system from Typesetter. A cross-site scripting vulnerability exists in Typesetter CMS 5.1 and earlier versions, which stems from insufficient sanitization and escaping of the images parameter and could lead to a reflected cross-site scripting attack...

CVSS 5.4 | AI score 6 | EPSS 0.00194
Exploits: 1 | References: 4
Positive Technologies
added 2026/01/14 12:0 a.m., 7 views

PT-2026-2944

Name of the Vulnerable Software and Affected Versions: Typesetter CMS versions up to and including 5.1. Description: Typesetter CMS versions up to and including 5.1 have a reflected cross-site scripting (XSS) issue in the Editing component. The images parameter, submitted as images in a POST request, ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00194
Exploits: 1 | References: 7
Cvelist
added 2026/01/14 12:0 a.m., 30 views

CVE-2025-63644

A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

EPSS 0.00257
Exploits: 1 | References: 2
OpenVAS
added 2026/01/14 12:0 a.m., 1 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1076)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 6.7 | EPSS 0.01744
Exploits: 0 | References: 2
OpenVAS
added 2026/01/14 12:0 a.m., 3 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1096)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 6.7 | EPSS 0.01744
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 3 : openssl-0.9.8e-22.AXS3.1 (AXSA:2012-465:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-465:03 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

CVSS 5 | AI score 8 | EPSS 0.13075
Exploits: 0 | References: 3