Lucene search
+L

666 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1825

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0088EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-35513

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00277EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/09 6:31 p.m.7 views

Improper Encoding or Escaping of Output

Overview element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious sites, or conduct...

8.7CVSS7.1AI score0.00215EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/09 6:31 p.m.4 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...

8.7CVSS7.1AI score0.00215EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/26 2:26 p.m.2 views

CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

8.8CVSS7.1AI score0.00284EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/14 6:52 p.m.9 views

@luxiaodan/el-selection-tree-table (=1.0.3) potentially affected by unknown CVE via lodsah (=0.0.1-security)

lodsah NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on lodsah and may be impacted: - @luxiaodan/el-selection-tree-table =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-25516...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2025/07/25 9:57 p.m.8 views

WordPress WoodMart - Multipurpose WooCommerce Theme plugin <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability

WordPress WoodMart - Multipurpose WooCommerce Theme plugin = 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability discovered by Samir El Khaouti in WordPress Theme WoodMart versions = 8.2.6...

5.3CVSS7AI score0.00319EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2025/07/03 12:52 p.m.8 views

Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

The "El Chapo" Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau's defenses against this kind of surveillance are still inadequat...

6.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/07/03 9:30 a.m.8 views

The Promise and Peril of Digital Security in the Age of Dictatorship

LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks...

7.2AI score
Exploits0
OSV
OSV
added 2025/06/06 2:15 p.m.4 views

DEBIAN-CVE-2025-38001

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

5.5CVSS5.6AI score0.00369EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.4 views

Pepperl+Fuchs Profinet Gateway 访问控制错误漏洞

Pepperl+Fuchs Profinet Gateway is a series of gateways from Pepperl+Fuchs. An access control error vulnerability exists in Pepperl+Fuchs Profinet Gateway FB8122A.1.EL and Profinet Gateway LB8122A.1.EL, which stems from the fact that an unauthenticated, remote attacker can access specific URLs to...

7.5CVSS6.7AI score0.004EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.3 views

Pepperl+Fuchs Profinet Gateway 跨站脚本漏洞

Pepperl+Fuchs Profinet Gateway is a series of gateways from Pepperl+Fuchs. A cross-site scripting vulnerability exists in Pepperl+Fuchs Profinet Gateway FB8122A.1.EL and Profinet Gateway LB8122A.1.EL, which stems from improper input neutralization during web page generation and could lead to a...

6.1CVSS6AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.7 views

CVE-2024-49232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in derethor El mejor Cluster mejorcluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through = 1.1.15...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.7 views

CVE-2024-35755

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...

6.5CVSS6.7AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 p.m.12 views

CVE-2022-27103

element-plus 2.0.5 is vulnerable to Cross Site Scripting XSS via el-table-column...

6.1CVSS6AI score0.0088EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.8 views

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

9.8CVSS7.8AI score0.04821EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:6 p.m.8 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.8CVSS6.9AI score0.01663EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:34 a.m.8 views

CVE-2017-13907

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked...

6.8CVSS6AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.10 views

PT-2025-20921

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager Mobile EPMM versions 12.5.0.0 and prior Description A flaw exists in the API component of Ivanti Endpoint Manager Mobile EPMM that allows authenticated attackers to execute arbitrary code through crafted API requests...

9CVSS8.8AI score0.84796EPSS
Exploits10References205
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 6:35 p.m.41 views

Security Bulletin: IBM Cognos Analytics is vulnerable to Malicious File Upload and EL Injection vulnerabilities (CVE-2024-40695, CVE-2024-51466)

Summary IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2024-40695 and an Expression Language EL Injection which could allow a remote attacker to explo...

9CVSS8.5AI score0.00598EPSS
Exploits0Affected Software1
Rows per page
Query Builder