Lucene search
K

389 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.21 views

CVE-2025-1534

CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...

6.8CVSS7.7AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.12 views

CVE-2024-2537

Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion...

9.8CVSS7.1AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 3:9 p.m.12 views

CVE-2025-2155

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025...

8.8CVSS7.3AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 3:16 p.m.7 views

CVE-2025-2155

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS0.00288EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 2:31 p.m.3 views

EUVD-2025-205285

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025...

8.8CVSS6.8AI score0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/24 2:31 p.m.34 views

CVE-2025-2155 Arbitrary File Upload in EchoCCS's Specto CM

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/24 2:31 p.m.5 views

CVE-2025-2155 Arbitrary File Upload in EchoCCS's Specto CM

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS5.6AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2025/12/24 2:31 p.m.22 views

CVE-2025-2155

CVE-2025-2155 affects Specto CM (Echo Call Center Services Trade and Industry Inc.). The vulnerability is an Unrestricted Upload of File with Dangerous Type, enabling Remote Code Inclusion. Affected versions are before 17032025. Root cause: improper file‑type validation allowing executable conten...

8.8CVSS5.6AI score0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/12/24 2:31 p.m.7 views

CVE-2025-2155

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...

8.8CVSS5.6AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.7 views

Echo Specto CM 代码问题漏洞

Echo Specto CM is a call center management system from Echo Turkey. A code issue vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from an unrestricted upload of hazardous types of files, which could lead to remote code inclusion...

8.8CVSS7.4AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.7 views

PT-2025-53295

Name of the Vulnerable Software and Affected Versions Specto CM versions prior to 17032025 Description Specto CM is susceptible to a flaw involving unrestricted file uploads, potentially leading to Remote Code Inclusion. The issue stems from the ability to upload files without proper restrictions...

8.8CVSS7.8AI score0.00288EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.7 views

CVE-2025-66078

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

9.1CVSS7.2AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 8:16 a.m.23 views

CVE-2025-66078

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

9.1CVSS0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 7:22 a.m.5 views

EUVD-2025-204049

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

9.1CVSS6.6AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

WordPress plugin Hotel Booking Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.1CVSS7.2AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52196

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

7.2AI score0.00314EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.12 views

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6CVSS6.7AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.16 views

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6CVSS7.1AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 4:15 p.m.13 views

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 4:15 p.m.12 views

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6CVSS0.00261EPSS
Exploits0References1
Rows per page
Query Builder