Lucene search
K

31 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: NetworkManager (UTSA-2026-016802)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016802 advisory. A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configu...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 5:59 p.m.7 views

DRUPAL-CONTRIB-2026-024

The Google Analytics GA4 module enables users to add custom attributes to the script tag used to load the Google Analytics library. The module does not sufficiently sanitize these attributes. This vulnerability is mitigated by the fact that an attacker must have a role with the "ga4 configure" or...

6.1CVSS6AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2025/11/17 5:24 p.m.13 views

CVE-2025-64758

CVE-2025-64758 affects Dependency-Track frontend (SPA). From 4.12.0 up to before 4.13.6, administrators with SYSTEM_CONFIGURATION could configure a login-page welcome message that was not properly sanitized, allowing arbitrary JavaScript to execute in users’ browsers. The issue results in a persi...

4.8CVSS6.6AI score0.00195EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5097

Malicious code in bioql PyPI...

8.5CVSS8.6AI score0.01145EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1477

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.02364EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-1906

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00656EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3405

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00911EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5637

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00735EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/10/02 9:16 a.m.5 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

7.1CVSS7.2AI score0.00342EPSS
Exploits1
OSV
OSV
added 2025/09/09 8:23 p.m.6 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS6.2AI score0.03396EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/09 8:23 p.m.7 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS0.03396EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:19 p.m.5 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS6.2AI score0.00793EPSS
Exploits0References6
CVE
CVE
added 2025/09/09 7:59 p.m.15 views

CVE-2025-34173

Summary: CVE-2025-34173 affects pfSense CE Snort package (snort_ip_reputation.php). The iplist parameter is not sanitized against directory traversal when checking if a file exists, enabling an authenticated attacker (WebCfg - Snort) to determine whether files exist and enumerate files on the tar...

5.3CVSS6.2AI score0.00836EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:48 a.m.15 views

CVE-2024-43397

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...

4.3CVSS6.3AI score0.00349EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:2 a.m.5 views

CVE-2023-33007

Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.5AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.6 views

CVE-2020-2271

Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score0.00735EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 a.m.8 views

CVE-2019-15716

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...

5.5CVSS6.7AI score0.00455EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.7 views

SUSE CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS9.2AI score0.01577EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.1 views

SUSE CVE-2018-1999005

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...

5.4CVSS4.7AI score0.00894EPSS
Exploits0References3
OSV
OSV
added 2022/06/30 6:15 p.m.13 views

CVE-2022-34783

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score
Exploits0References1
Rows per page
Query Builder