Lucene search
K

595 matches found

Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.20 views

PT-2026-26438

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...

7.1CVSS5.9AI score0.00164EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/03/12 11:24 p.m.12 views

K000160327: Protect your network from geopolitical uncertainty with F5

Security Advisory Description While there are many cyber-threats creating a constant need for cybersecurity efforts, history teaches us that geopolitical conflicts often generate increased cyber activity. In recent years the world has seen conflicts in Ukraine, Yemen, Iran, and elsewhere generate...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/03/05 6:5 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the firstname and lastname inputs when processed by editUser.tpl.php. An attacker can inject arbitrary HTML content by submitting crafted input, which is rendered when other users view the affected profile,...

5.4CVSS5.6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/02 7:35 p.m.8 views

lxml-html-clean has <base> tag injection through default Cleaner configuration

Summary The tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inject it and hijack relative links on the page. Details The tag is not currently in the pagestructure kill se...

6.1CVSS6AI score0.00254EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/02 7:35 p.m.4 views

GHSA-XVP8-3MHV-424C lxml-html-clean has <base> tag injection through default Cleaner configuration

Summary The tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inject it and hijack relative links on the page. Details The tag is not currently in the pagestructure kill se...

6.1CVSS5.9AI score0.00254EPSS
Exploits1References4
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.7 views

YesWiki <= 4.5.1 - Cross-Site Scripting

YesWiki alertdocument.domain","YesWiki"' - 'statuscode == 200' - 'containscontenttype, "text/html"' condition: and digest: 4a0a0047304502200362ca1190c63e21f2923bf08de7cb7da7b574446b257e6007dfd76d97c7ed0b02210097168371a37ae69e386417974c7fa650ac4099a59a65f245bd361ac61d391a41:922c64590222798b...

6.1CVSS5AI score0.00498EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.9 views

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

6.5CVSS5.9AI score0.00632EPSS
Exploits1References1
OSV
OSV
added 2026/01/28 7:16 p.m.4 views

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

6.5CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/01/28 5:30 a.m.7 views

EUVD-2026-4865

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 12:0 a.m.3 views

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

5.9AI score0.00632EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/28 12:0 a.m.7 views

EUVD-2025-206457

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

5.1CVSS5.9AI score0.00632EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.17 views

PT-2026-5061

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the image replacement from url function that is hooked to the eri from url AJAX action. This makes it possible for...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/01/28 12:0 a.m.17 views

CVE-2025-69601

CVE-2025-69601 affects 66biolinks v44.0.0 (AltumCode) in the app’s “Static Sites” feature. A Zip Slip directory traversal occurs when ZIP archives are uploaded, as files are extracted without path validation, allowing traversal sequences (e.g., ../) to write outside the extraction directory. Repo...

6.5CVSS5.9AI score0.00632EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.25 views

PT-2026-5187

Name of the Vulnerable Software and Affected Versions 66biolinks version 44.0.0 Description A directory traversal issue exists in the “Static Sites” feature. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences...

6.5CVSS5.5AI score0.00632EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/28 12:0 a.m.30 views

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

0.00632EPSS
Exploits1References1
NVD
NVD
added 2025/12/12 5:16 a.m.12 views

CVE-2025-66492

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

8.2CVSS0.00213EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/11/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

10CVSS5.8AI score0.44656EPSS
In wildExploits3References29
OSV
OSV
added 2025/11/25 5:56 p.m.5 views

BIT-DRUPAL-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

4.3CVSS6.8AI score0.00198EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/11/18 6:53 p.m.166 views

Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke

=== Description === DNN formerly DotNetNuke is an open-source...

10CVSS6.5AI score0.44656EPSS
Exploits3
Snyk
Snyk
added 2025/11/18 5:43 p.m.2 views

User Interface (UI) Misrepresentation of Critical Information

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information. An attacker who convinces a user to follow a malicious link can...

4.3CVSS6.6AI score0.00198EPSS
Exploits0References2
Rows per page
Query Builder