Lucene search
K

226 matches found

CNNVD
CNNVD
added 2026/03/24 12:0 a.m.11 views

NVIDIA SNAP-4 Container 安全漏洞

NVIDIA SNAP-4 Container is a containerized operating environment component provided by NVIDIA Corporation in the United States. There is a security vulnerability present in NVIDIA SNAP-4 Container, which stems from an error in buffer size calculation within the configuration interface, potentiall...

6.8CVSS5.9AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27501

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

6.8CVSS6AI score0.00251EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 2:35 a.m.6 views

EUVD-2026-13501

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

9.6CVSS6AI score0.00427EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.27 views

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26039

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/18 12:0 a.m.3 views

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

5.8AI score0.00179EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:17 p.m.9 views

CVE-2017-20220

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS0.00395EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25735

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

8.7CVSS5.8AI score0.00661EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25738

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS5.8AI score0.00395EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.22 views

CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS0.00395EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.5 views

CVE-2017-20220

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

5.8AI score0.00395EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2026/03/15 6:34 p.m.12 views

CVE-2017-20220

CVE-2017-20220 affects Serviio PRO 1.8. The vulnerability is an improper access control in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password by sending crafted requests to REST endpoints. The available documents confirm the affected product...

8.7CVSS5.8AI score0.00395EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2017-20217

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

5.8AI score0.00661EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/02/27 9:16 p.m.9 views

CVE-2026-28272

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...

8.1CVSS0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 8:22 p.m.5 views

EUVD-2026-9067

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...

8.1CVSS5.9AI score0.00331EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:22 p.m.4 views

CVE-2026-28272

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...

8.1CVSS5.9AI score0.00331EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/27 8:22 p.m.18 views

CVE-2026-28272

Kiteworks Email Protection Gateway (pre-9.2.0) has a stored XSS vulnerability exploitable by authenticated administrators via a configuration interface. The stored script can execute when users interact with the affected UI, potentially impacting confidentiality and integrity (C=HIGH, I=HIGH) wit...

8.1CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 8:22 p.m.3 views

CVE-2026-28272 Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...

8.1CVSS5.9AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.7 views

Kiteworks 跨站脚本漏洞

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from defects in the configuration interface of Email Protection Gateway,...

8.1CVSS5.6AI score0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.5 views

PT-2026-22396

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact...

8.1CVSS6AI score0.00331EPSS
Exploits0References6
Rows per page
Query Builder