Lucene search
K

130 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-17464

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.0035EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13925

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-8664

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00592EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46918

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.00557EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.4 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.6AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/09/23 3:15 p.m.10 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS0.00173EPSS
Exploits0References1
OSV
OSV
added 2025/09/23 3:15 p.m.5 views

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.5AI score
Exploits0References1
CVE
CVE
added 2025/09/23 2:55 p.m.25 views

CVE-2025-4760

CVE-2025-4760 is an authenticated stored XSS vulnerability in multiple WSO2 products, arising from improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript that...

4.8CVSS5.2AI score0.00173EPSS
Exploits0References1Affected Software4
Vulnrichment
Vulnrichment
added 2025/09/23 2:55 p.m.1 views

CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS5.2AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/23 2:55 p.m.7 views

CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

4.8CVSS0.00173EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-14201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in...

6.5CVSS6.7AI score0.01629EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-21312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before...

5.4CVSS6.2AI score0.00592EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-42462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

9.1CVSS7.9AI score0.01043EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/15 9:29 p.m.15 views

CVE-2012-10056

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessib...

8.7CVSS7.7AI score0.00929EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.4 views

Sourceforge PHP Volunteer Management 安全漏洞

Sourceforge PHP Volunteer Management is a Sourceforge open source PHP-based volunteer management system. A security vulnerability exists in Sourceforge PHP Volunteer Management version 1.0.2, which stems from the document upload feature not restricting file types, which could lead to arbitrary fi...

8.7CVSS6.9AI score0.00929EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/11 1:21 p.m.6 views

CVE-2025-5877

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...

8.1CVSS6.3AI score0.0035EPSS
Exploits1References1
OSV
OSV
added 2025/06/09 1:15 p.m.4 views

CVE-2025-5877

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...

8.1CVSS4.9AI score0.0035EPSS
Exploits1References5
NVD
NVD
added 2025/06/09 1:15 p.m.12 views

CVE-2025-5877

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...

8.1CVSS0.0035EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/06/09 12:31 p.m.6 views

CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...

6.5CVSS6.5AI score0.0035EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/09 12:31 p.m.17 views

CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...

6.5CVSS0.0035EPSS
Exploits1References5
Rows per page
Query Builder