Lucene search
K

484 matches found

redhatcve
redhatcve
added 2025/05/22 3:18 p.m.8 views

CVE-2020-21431

HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...

6.5CVSS7AI score0.0091EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/22 3:10 p.m.7 views

CVE-2020-1381

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382...

7.8CVSS6.7AI score0.05753EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 1:44 p.m.7 views

CVE-2014-9022

The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form...

6.4CVSS7AI score0.01523EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 11:30 a.m.13 views

CVE-2013-3840

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services...

4CVSS5.5AI score0.00968EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:41 a.m.5 views

CVE-2015-7342

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field...

7.2CVSS8.1AI score0.00982EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:52 a.m.9 views

CVE-2019-8136

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component...

9.8CVSS6.7AI score0.01239EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:14 a.m.5 views

CVE-2019-10244

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service not part of the device distribution could potentially be target of XXE attack due to an improper factory and parser initialisation...

7.5CVSS6.8AI score0.01825EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/05/05 12:0 a.m.5 views

PT-2025-19806 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin topic.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin topic.php component...

9.8CVSS7.3AI score0.00421EPSS
Exploits1References7
bdu_fstec
bdu_fstec
added 2025/04/14 12:0 a.m.10 views

The vulnerability of the jfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the jfs component in the Linux operating system’s kernel involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS6.9AI score0.0023EPSS
Exploits0References16Affected Software7
bdu_fstec
bdu_fstec
added 2025/04/01 12:0 a.m.7 views

The vulnerability of the OBN component of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of authenticity verification for a critical function. This allows attackers to circumvent existing security restrictions.

The vulnerability of the OBN component in the SAP NetWeaver Enterprise Portal software integration platform is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...

5.3CVSS5.5AI score0.00281EPSS
Exploits0References3
cve
cve
added 2025/03/28 8:34 p.m.97 views

CVE-2024-6875

CVE-2024-6875 concerns Infinispan in Red Hat Data Grid. The REST /compare API may leak buffers, enabling continual high-volume POST requests to trigger a buffer leak and an OutOfMemoryError. Documents consistently describe the REST API surface and the memory exhaustion risk, with no explicit fixe...

6.5CVSS7.3AI score0.00445EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/03/19 12:0 a.m.4 views

PT-2025-11709 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: emlog pro versions 2.5.0 through 2.5. Description: An arbitrary file upload vulnerability in the component /admin/template.php allows attackers to execute arbitrary code via uploading a crafted PHP file. The vulnerability is exploited through...

6.3CVSS7.1AI score0.00371EPSS
Exploits1References8
redhatcve
redhatcve
added 2025/02/19 10:22 a.m.8 views

CVE-2025-25474

A flaw was found in DCMTK. This vulnerability allows an attacker to cause unexpected behaviour via a buffer overflow in the diinpxt.h file...

7.4CVSS6.5AI score0.00312EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/02/18 12:0 a.m.5 views

The vulnerability of the md component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the md component in the Linux operating system’s kernel is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References29Affected Software6
ibm
ibm
added 2025/02/10 12:59 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...

8.7CVSS7.4AI score0.00873EPSS
Exploits0Affected Software1
bdu_fstec
bdu_fstec
added 2025/02/10 12:0 a.m.8 views

The vulnerability of the General component in Oracle Application Express development environment allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the General component in Oracle Application Express development relates to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to influence the confidentiality and integrity of protected information through HTTP requests...

5.5CVSS7.7AI score0.00249EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2025/02/10 12:0 a.m.5 views

The vulnerability of the Security component of the Oracle Communications Order and Service Management system allows a perpetrator to gain read, modify, add, or delete access to data, or cause a partial service disruption.

The vulnerability of the Security component of the Oracle Communications Order and Service Management system is related to a data source validation error. Exploiting this vulnerability may allow an attacker, operating remotely, to gain read, modify, add, or delete access to data, or cause a parti...

6.5CVSS7.7AI score0.00185EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2025/02/05 12:6 a.m.9 views

CVE-2024-4941

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS6.4AI score0.0083EPSS
Exploits1
bdu_fstec
bdu_fstec
added 2025/02/03 12:0 a.m.7 views

The vulnerability of the parisc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the parisc component in the Linux operating system’s kernel is related to a NULL pointer dereferencing error. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.9AI score0.00239EPSS
Exploits0References22Affected Software3
bdu_fstec
bdu_fstec
added 2025/01/27 12:0 a.m.7 views

The vulnerability of the Frames component in Google Chrome and Microsoft Edge allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.

The vulnerability of the Frames component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML page...

7.8CVSS6.5AI score0.00268EPSS
Exploits1References11Affected Software8
Rows per page
Query Builder