Lucene search
K

92 matches found

CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

OpenEMR 信息泄露漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a vulnerability...

4.5CVSS5.8AI score0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 3:25 a.m.4 views

CVE-2025-11754 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

7.5CVSS5.3AI score0.00369EPSS
Exploits0References3
CNVD
CNVD
added 2025/12/12 12:0 a.m.9 views

MailEnable Id Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.6 views

CVE-2025-34406

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a...

6.1CVSS5.8AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-202194

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...

6.1CVSS5.3AI score0.00336EPSS
Exploits0References4
NVD
NVD
added 2025/12/09 6:15 p.m.11 views

CVE-2025-34406

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...

6.1CVSS0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 6:8 p.m.26 views

CVE-2025-34406 MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...

5.3CVSS0.00336EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:8 p.m.13 views

CVE-2025-34406

CVE-2025-34406 affects MailEnable versions prior to 10.54. A reflected XSS flaw exists in the Id parameter of /Mobile/ContactDetails.aspx where the Id value is not properly sanitized in a GET request and is reflected within a script block. Exploitation involves injecting a crafted payload to term...

6.1CVSS5.4AI score0.00336EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.17 views

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6AI score0.00336EPSS
Exploits0References4
Veracode
Veracode
added 2025/10/31 9:29 a.m.9 views

Insecure Direct Object Reference (IDOR)

Liferay Portal including Liferay DXP is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to the Contacts Center widget directly exposing the comliferaycontactswebportletContactsCenterPortletentryId parameter without proper authorization checks. An attackers can use...

6.9CVSS7AI score0.00257EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.14 views

EUVD-2021-1999

Malware in sbrugna...

8.3CVSS6.8AI score0.00642EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17958

Malware in sbrugna...

5.4CVSS5.5AI score0.03185EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-9255

Malware in sbrugna...

4CVSS4.6AI score0.0034EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-48486

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-25216

Malicious code in bioql PyPI...

8.7CVSS5.8AI score0.00879EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-25688

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00406EPSS
Exploits0References1
HackRead
HackRead
added 2025/09/11 1:5 p.m.6 views

UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.8 views

CVE-2022-46485

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...

7.5CVSS6.9AI score0.01038EPSS
Exploits1References1
Malwarebytes
Malwarebytes
added 2024/11/13 10:10 p.m.19 views

Temu must respect consumer protection laws, says EU

Temu has been accused of a number of infringements on its platform against European Union EU consumer law. The Consumer Protection Cooperation CPC Network of national consumer authorities and the European Commission teamed up for a coordinated ongoing investigation into Temu and its practices. Th...

6.9AI score
Exploits0
OSV
OSV
added 2024/03/06 11:15 a.m.27 views

BIT-GITLAB-2022-1948

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details...

8.7CVSS6.2AI score0.00879EPSS
Exploits0References4
Rows per page
Query Builder