14 matches found
EUVD-2026-31373
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...
Fedora: Security Advisory (FEDORA-2025-cf39a93e95)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:01889-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Summary A vulnerability has been discovered in Agnai that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, da...
CVE-2024-7512
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector:...
CVE-2024-7512
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector:...
CVE-2024-7512 Concrete CMS Stored XSS in Board instances
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector:...
CVE-2024-4353 Stored XSS in Generate Board Name Input Field
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concre...
Exploit for CVE-2024-6768
CVE-2024-6768: Improper validation of specified quantity in in...
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task. In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and exposures CVEs disclosed worldwide, covering a range of applications, software and hardware that...
CVSS 4.0 Decoded: Understanding & Implementing Changes
What is CVSS? The Common Vulnerability Scoring System CVSS is a vendor-agnostic, industry-open standard owned and maintained by The Forum of Incident Response and Security Teams FIRST. CVSS “provides a way to capture the principal characteristics of a vulnerability and produce a numerical score...
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
The Forum of Incident Response and Security Teams FIRST has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of CVSS 4.0 seeks to provide the highest...
CVE-2017-3318
Removed by vendor...
Fedora Update for gnutls FEDORA-2013-2892
Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2013-2892 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...