Lucene search
+L

492 matches found

Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.5 views

PT-2025-40045

Summary In the default configuration, webhook.azuredevops.username and webhook.azuredevops.password not set, Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...

7.5CVSS7.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/29 9:51 a.m.17 views

CVE-2025-11089

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the...

7.5CVSS7.2AI score0.00387EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/09/26 12:0 a.m.4 views

Jenkins Unauthenticated Access

Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying application. If authentication is not enforced, an attacker can gain administrative access to Jenkins, potentially allowing for the execution of arbitra...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/26 12:0 a.m.4 views

GoCD Unauthenticated Access

GoCD is an open-source continuous delivery server. When accessible without authentication, an attacker can gain unauthorized access to the GoCD interface, potentially leading to information disclosure or further exploitation of the system. No source data...

6.5AI score
Exploits0References2
CVE
CVE
added 2025/09/25 1:2 p.m.47 views

CVE-2025-10946

CVE-2025-10946 affects nuz007 smsboom; the vulnerability is in an unknown function within dy.php where manipulating the hm argument triggers cross-site scripting. Remote exploitation is possible. The Product uses rolling releases, so no specific affected/updated version details are provided in th...

5.1CVSS4.1AI score0.00233EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 2:27 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-5889]

Summary Node.js module brace-expansion is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

3.1CVSS5.4AI score0.00459EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.9 views

PT-2025-37443

Name of the Vulnerable Software and Affected Versions: newbee-mall versions prior to 613a662adf1da7623ec34459bc83e3c1b12d8ce7 Description: A vulnerability exists in newbee-mall related to improper authorization. The issue affects the paySuccess function within the /paySuccess file of the Order...

5.3CVSS4.5AI score0.00268EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/09/07 12:0 a.m.4 views

IBM MQ 安全漏洞

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ that stems from storing passwords in client configuratio...

5.5CVSS6.4AI score0.00094EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in react-airbnb-prettier (npm)

The package react-airbnb-prettier was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dfaae080b90705a47740e1ced1edacf0110db947f0f26fdd35e2805a2886d37 This package installs a dependency hosted on a custom domain that...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-14196 Malicious code in airbnb-relaxed (npm)

The package airbnb-relaxed was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1b6a5e736a13af63369b9867066a010eb0cb881853407342fe42c472c919dd3c This package installs a dependency hosted on a custom domain that runs an...

6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/09 12:2 p.m.5 views

CVE-2025-8752 wangzhixuan spring-shiro-training add command injection

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

7.5CVSS7.9AI score0.04804EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/09 12:2 p.m.18 views

CVE-2025-8752 wangzhixuan spring-shiro-training add command injection

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

7.5CVSS0.04804EPSS
Exploits1References4
NVD
NVD
added 2025/08/03 9:15 a.m.6 views

CVE-2025-8506

A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has...

5.1CVSS0.0025EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/07/29 12:0 a.m.9 views

The vulnerability of the configuration of the Version Control System (VCS) of the Continuous Integration and Delivery Application Framework (CI/CD) tool JetBrains TeamCity allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the TeamCity VCS configuration in continuous integration and delivery systems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/28 12:0 a.m.18 views

The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity, related to insufficient protection of registration data, allows attackers to disclose protected information.

The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.7CVSS5.4AI score0.00404EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/07/21 7:15 p.m.8 views

CVE-2025-7935

A vulnerability, which was classified as critical, was found in fuyanglipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the argume...

8.8CVSS5.7AI score0.00416EPSS
Exploits1References4
NVD
NVD
added 2025/07/06 2:15 p.m.16 views

CVE-2025-7080

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

6.3CVSS0.00353EPSS
Exploits0References4
NVD
NVD
added 2025/06/27 2:15 p.m.8 views

CVE-2025-6768

A vulnerability classified as critical has been found in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. It is possible to...

6.5CVSS0.00254EPSS
Exploits0References4
NVD
NVD
added 2025/06/27 1:15 p.m.7 views

CVE-2025-6767

A vulnerability was found in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The attack...

6.5CVSS0.00236EPSS
Exploits0References4
CVE
CVE
added 2025/06/27 1:0 p.m.12 views

CVE-2025-6767

Summary: CVE-2025-6767 affects sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8, with a SQL injection in the function findDoctorByCondition of DoctorServiceImpl.java caused by the hospitalName parameter. The attack can be remote and exploit has been disclosed publicly. Multiple ...

6.5CVSS6.8AI score0.00236EPSS
Exploits0References4
Rows per page
Query Builder