Lucene search

19189 matches found

EUVD
added 2025/10/09 9:31 p.m., 4 views

EUVD-2025-33561

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVSS 6.5, AI score 6.3, EPSS 0.00343
Exploits 1, References 5
OSV
added 2025/10/09 8:15 p.m., 3 views

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVSS 8.8, AI score 5.3, EPSS 0.00343
Exploits 1, References 4
NVD
added 2025/10/09 8:15 p.m., 4 views

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVSS 8.8, EPSS 0.00343
Exploits 1, References 4
CVE
added 2025/10/09 8:2 p.m., 12 views

CVE-2025-11554

Portabilis i-Educar (

CVSS 8.8, AI score 6.4, EPSS 0.00343
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/10/09 8:2 p.m., 10 views

CVE-2025-11554 Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVSS 6.5, EPSS 0.00343
Exploits 1, References 4
Vulnrichment
added 2025/10/09 8:2 p.m., 5 views

CVE-2025-11554 Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVSS 6.5, AI score 6.4, EPSS 0.00343
Exploits 1, References 4
Cvelist
added 2025/10/09 3:18 a.m., 10 views

CVE-2025-47342 Use After Free in BT Controller

Transient DOS may occur when multi-profile concurrency arises with QHS enabled...

CVSS 7.1, EPSS 0.0015
Exploits 0, References 1
CVE
added 2025/10/09 3:18 a.m., 15 views

CVE-2025-47342

CVE-2025-47342 concerns Qualcomm chipsets where a transient denial-of-service can occur due to concurrency involving QHS and multi-profile configurations. The Red Hat/NVD/CVE records describe the issue as a transient DOS when multiple profiles are used concurrently with QHS enabled; the CVE List ...

CVSS 7.1, AI score 6.5, EPSS 0.0015
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/10/09 3:18 a.m., 5 views

CVE-2025-47342 Use After Free in BT Controller

Transient DOS may occur when multi-profile concurrency arises with QHS enabled...

CVSS 7.1, AI score 6.5, EPSS 0.0015
Exploits 0, References 1
Positive Technologies
added 2025/10/09 12:0 a.m., 5 views

PT-2025-41456

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9.10. Description: A security issue exists in Portabilis i-Educar. The problem relates to insecure inherited permissions within the User Type Handler component, specifically in the file...

CVSS 6.5, AI score 6.1, EPSS 0.00343
Exploits 1, References 9
NVD
added 2025/10/08 4:15 p.m., 4 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVSS 6.4, EPSS 0.00238
Exploits 0, References 1
Veracode
added 2025/10/08 2:48 p.m., 6 views

Information Disclosure

sigs.k8s.io/secrets-store-sync-controller is vulnerable to Information Disclosure. The vulnerability is due to improper error handling and service account tokens being logged during parameter marshaling errors, and attackers with log access can use these tokens to retrieve secrets from cloud vaul...

CVSS 6.5, AI score 6.9, EPSS 0.00179
Exploits 0, References 4, Affected Software 1
Snyk
added 2025/10/08 2:43 p.m., 1 view

Cross-site Scripting (XSS)

Overview: webreinvent/vaahcms is a Laravel-based open-source web application development platform shipped with a headless content management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload function in the MediaController.php file. An attacker can...

CVSS 6.1, AI score 5.4, EPSS 0.00273
Exploits 2, References 3
Cvelist
added 2025/10/08 5:2 a.m., 11 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS 5.1, EPSS 0.00259
Exploits 1, References 5
Vulnrichment
added 2025/10/08 5:2 a.m., 4 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS 5.1, AI score 3.6, EPSS 0.00259
Exploits 1, References 5
CVE
added 2025/10/08 12:0 a.m., 16 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller (before 3.1.13) is vulnerable when the config-snippets feature flag is enabled: it can accept user-provided config snippets from users with create/update permissions, potentially leaking an ingress token secret. Fixed versions are HAProxy Kubernetes Ingress C...

CVSS 6.4, AI score 6.5, EPSS 0.00238
Exploits 0, References 1
Snyk
added 2025/10/08 12:0 a.m., 3 views

Incomplete Filtering of Special Elements

Overview: Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the config-snippets feature flag. An attacker can access sensitive environment variables, including the Kubernetes service account token secret, by injecting arbitrary HAProxy directives. Note...

CVSS 8.5, AI score 6.9, EPSS 0.00238
Exploits 0, References 2
Tenable Nessus
added 2025/10/08 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sactl is NULL and fcport i...

CVSS 5.5, AI score 6, EPSS 0.00136
Exploits 0, References 3
Positive Technologies
added 2025/10/08 12:0 a.m., 6 views

PT-2025-41301

Name of the Vulnerable Software and Affected Versions: Curo UC300 version 5.42.1.7.1.63R1. Description: A flaw exists within the Admin panel that permits local attackers to inject arbitrary OS commands. The injection occurs through the IP Addr parameter. Recommendations: At the moment, there is no...

CVSS 8.8, AI score 6.5, EPSS 0.01161
Exploits 0, References 6
Cvelist
added 2025/10/08 12:0 a.m., 8 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVSS 6.4, EPSS 0.00238
Exploits 0, References 1