Lucene search
K

2884 matches found

ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.10 views

PT-2026-37280

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with page editing permissions can perform stored Cross-Site Scripting XSS by injecting an executable JavaScript event-handler attribute into rendered image HTML. This occurs...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References5
fedora
fedora
added 2026/05/01 3:12 a.m.6 views

[SECURITY] Fedora 44 Update: emacs-30.2-23.fc44

GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor...

7.1CVSS5.3AI score0.00108EPSS
Exploits0
cvelist
cvelist
added 2026/04/29 7:24 p.m.29 views

CVE-2018-25308 BuddyPress Xprofile Custom Fields Type 2.6.3 Arbitrary File Deletion

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS0.00741EPSS
Exploits0References3
euvd
euvd
added 2026/04/29 7:24 p.m.3 views

EUVD-2018-21829

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References3
cve
cve
added 2026/04/29 7:24 p.m.8 views

CVE-2018-25308

Affected product: BuddyPress Xprofile Custom Fields Type 2.6.3. Vulnerability: remote code execution via unescaped POST parameters during profile editing, enabling authenticated users to delete arbitrary files by manipulating field_hiddenfile and field_deleteimg. Impact: high impact on confidenti...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References3
nvd
nvd
added 2026/04/29 6:16 p.m.6 views

CVE-2026-5712

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8.8CVSS0.00163EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/29 5:18 p.m.4 views

CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8CVSS5.3AI score0.00163EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/29 5:18 p.m.6 views

CVE-2026-5712

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8CVSS5.3AI score0.00163EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/04/27 12:0 a.m.11 views

PT-2026-35340

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/04/24 7:23 p.m.7 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

9.8CVSS5.6AI score0.00359EPSS
Exploits1References1
euvd
euvd
added 2026/04/23 6:33 p.m.5 views

EUVD-2025-209568

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

5.8AI score0.00359EPSS
Exploits1References5
nvd
nvd
added 2026/04/23 4:16 p.m.6 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

9.8CVSS0.00359EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/04/23 12:0 a.m.5 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

5.5AI score0.00359EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/23 12:0 a.m.3 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

5.8AI score0.00359EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.12 views

PT-2026-34666

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

5.8AI score0.00359EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/04/23 12:0 a.m.13 views

LangSmith Client SDKs 信息泄露漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. LangSmith Client SDKs have a vulnerability related to information leakage, which stems from the fact that output editing controls do not apply to streaming token events, potentially leading to sensitive LLM outputs being...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/23 12:0 a.m.10 views

JIZHICMS 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from the product’s editing module being vulnerable to SQL injection attacks...

9.8CVSS5.9AI score0.00359EPSS
Exploits1References2
cve
cve
added 2026/04/23 12:0 a.m.11 views

CVE-2025-50229

CVE-2025-50229 affects Jizhicms v2.5.4 with a SQL injection vulnerability in the product editing module. The CVSS 3.1 vector indicates high impact on confidentiality, integrity, and availability (base score 9.8; network, low attack complexity, no privileges required, no user interaction). The con...

9.8CVSS5.8AI score0.00359EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/04/23 12:0 a.m.30 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

0.00359EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/04/21 7:23 p.m.9 views

CVE-2026-23753

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...

4.8CVSS5.7AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder