6052 matches found

CNNVD
added 2025/04/24 12:0 a.m. · 2 views

PLANET UNI-NMS-Lite trust management issue vulnerability

Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite is vulnerable to a trust management issue that can be exploited by an attacker to submit a special request that can...

CVSS 9.8 · AI score 6.8 · EPSS 0.00468
Exploits: 0 · References: 2

SUSE CVE
added 2025/04/23 2:38 a.m. · 5 views

SUSE CVE-2025-22115

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups(). Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after...

CVSS 7 · AI score 7.5 · EPSS 0.00115
Exploits: 0 · References: 52

OSV
added 2025/04/22 6:16 p.m. · 1 views

CVE-2025-43947

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...

CVSS 7.3 · AI score 5.8 · EPSS 0.00281
Exploits: 1 · References: 2

Snyk
added 2025/04/21 3:31 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Create/Modify article function via the image title sub-field in the image field. Details: Cross-site scripting or X...

CVSS 6.5 · AI score 5.2 · EPSS 0.00288
Exploits: 1 · References: 2

Snyk
added 2025/04/21 3:31 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Create/Modify article function via the image copyright sub-field in the image field. Details: Cross-site scripting ...

CVSS 6.1 · AI score 5.3 · EPSS 0.00274
Exploits: 1 · References: 2

CNNVD
added 2025/04/21 12:0 a.m. · 4 views

Alkacon OpenCMS security vulnerability

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from the presence of stored cross-site scripting in the image parameter of the Create/Modify article function, which could lead to the execution of arbitra...

CVSS 5.4 · AI score 5.7 · EPSS 0.00274
Exploits: 1 · References: 3

Positive Technologies
added 2025/04/21 12:0 a.m. · 6 views

PT-2025-17444 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...

CVSS 6.5 · AI score 5.9 · EPSS 0.00288
Exploits: 1 · References: 11

Cvelist
added 2025/04/21 12:0 a.m. · 29 views

CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

EPSS 0.00274
Exploits: 1 · References: 3

CNNVD
added 2025/04/21 12:0 a.m. · 4 views

Alkacon OpenCMS security vulnerability

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

CVSS 6.5 · AI score 6.2 · EPSS 0.00288
Exploits: 1 · References: 1

OSV
added 2025/04/20 1:15 a.m. · 7 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVSS 5.3 · AI score 5.8 · EPSS 0.00379
Exploits: 1 · References: 4

OSV
added 2025/04/20 1:15 a.m. · 2 views

UBUNTU-CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVSS 5.3 · AI score 5.8 · EPSS 0.00379
Exploits: 1 · References: 4

Cvelist
added 2025/04/20 12:0 a.m. · 35 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVSS 5.3 · EPSS 0.00379
Exploits: 1 · References: 4

SUSE CVE
added 2025/04/18 11:20 p.m. · 2 views

SUSE CVE-2025-22042

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context...

CVSS 5.5 · AI score 7.8 · EPSS 0.00168
Exploits: 0 · References: 3

SUSE CVE
added 2025/04/18 11:20 p.m. · 4 views

SUSE CVE-2025-22071

In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context(). Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufs_mkdir() fails, we need to drop the reference to neighbor...

CVSS 5.5 · AI score 7.3 · EPSS 0.00174
Exploits: 0 · References: 3

Github Security Blog
added 2025/04/18 6:31 p.m. · 25 views

Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVSS 5.4 · AI score 5.7 · EPSS 0.00211
Exploits: 3 · References: 4 · Affected Software: 1

OSV
added 2025/04/18 6:31 p.m. · 2 views

GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVSS 5.4 · AI score 6 · EPSS 0.00211
Exploits: 3 · References: 4

RedhatCVE
added 2025/04/18 2:22 a.m. · 12 views

CVE-2025-29708

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services...

CVSS 9.8 · AI score 7.3 · EPSS 0.00515
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/18 2:14 a.m. · 9 views

CVE-2025-29709

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio...

CVSS 9.8 · AI score 7.3 · EPSS 0.00515
Exploits: 1 · References: 1

Positive Technologies
added 2025/04/18 12:0 a.m. · 4 views

PT-2025-17320 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVSS 5.4 · AI score 5 · EPSS 0.00211
Exploits: 3 · References: 10

NVD
added 2025/04/17 10:15 p.m. · 22 views

CVE-2025-29456

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function...

CVSS 6.5 · EPSS 0.00309
Exploits: 1 · References: 1