Lucene search

39 matches found

Cvelist
added 2026/06/24 6:22 p.m. · 35 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self-hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...

CVSS 8.8 · EPSS 0.00357
Exploits: 0 · References: 1

ATTACKERKB
added 2026/05/27 9:49 a.m. · 8 views

CVE-2026-42753

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Membership: from n/a through = 2.11.10...

CVSS 7.3 · AI score 5.8 · EPSS 0.00178
Exploits: 0 · References: 2

Packet Storm
added 2026/01/26 12:0 a.m. · 148 views

📄 Ivanti 11.10 MobileIron Vulnerability Scanner

This PHP-based scanner detects unauthenticated access vulnerabilities in Ivanti EPMM / MobileIron products. The issue allows attackers to retrieve sensitive user information via exposed API endpoints. Version 11.10 is affected...

CVSS 10 · AI score 5.9 · EPSS 0.99999
Exploits: 14

NVD
added 2026/01/22 6:16 p.m. · 9 views

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

CVSS 9.8 · EPSS 0.00506
Exploits: 1 · References: 2

NVD
added 2025/12/19 1:16 a.m. · 14 views

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability...

CVSS 9.8 · EPSS 0.18047
Exploits: 1 · References: 2

Cvelist
added 2025/08/19 4:58 p.m. · 9 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

CVSS 5.1 · EPSS 0.00342
Exploits: 1 · References: 3

VulnCheck KEV
added 2025/07/21 12:0 a.m. · 14 views

VulnCheck KEV: CVE-2023-5285

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

CVSS 7.5 · AI score 5.6 · EPSS 0.00624
In wild · Exploits: 1 · References: 2

Patchstack
added 2025/01/07 10:42 p.m. · 2 views

WordPress Modula Image Gallery plugin <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by SavPhill Savphill in WordPress Plugin Modula Image Gallery versions <= 2.11.10...

CVSS 8.8 · AI score 7 · EPSS 0.00848
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/03 12:0 a.m. · 5 views

PT-2024-16494 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical issue was found in Tongda OA, affecting an unknown function of the file /pda/appcenter/check seal.php. The manipulation of the ID argument leads to SQL injection. It is possible to launch...

CVSS 9.8 · AI score 7.2 · EPSS 0.00534
Exploits: 1 · References: 10

Positive Technologies
added 2024/11/01 12:0 a.m. · 7 views

PT-2024-16436 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical vulnerability was found in Tongda OA, affecting an unknown functionality of the file /pda/approve center/check seal.php. The manipulation of the ID argument leads to SQL injection. The...

CVSS 9.8 · AI score 7.1 · EPSS 0.00686
Exploits: 1 · References: 8

CNNVD
added 2024/09/10 12:0 a.m. · 4 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 6.50 through 11.10, which stems from the Guard Tour VAPIX API parameter that allows the use of arbitrary values...

CVSS 6.5 · AI score 6.9 · EPSS 0.00391
Exploits: 0 · References: 2

CNNVD
added 2024/09/10 12:0 a.m. · 5 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden AXIS. A security vulnerability exists in AXIS OS versions 8.40 through 11.10. An attacker exploiting the vulnerability could enumerate folder or file names on the local file system...

CVSS 4.3 · AI score 6.5 · EPSS 0.0038
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/21 12:0 a.m. · 5 views

PT-2024-20639 · Unknown · The Prime Slider – Addons For Elementor

Name of the Vulnerable Software and Affected Versions: BdThemes Prime Slider – Addons For Elementor versions 3.11.10 and earlier Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices...

CVSS 4.3 · AI score 9.4 · EPSS 0.0035
Exploits: 0 · References: 4

OSV
added 2024/02/06 5:15 p.m. · 3 views

CVE-2024-1252

A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/askduty/delete.php. The manipulation of the argument ASKDUTYID leads to sql injection. The exploit has been disclosed to...

CVSS 9.8 · AI score 5.5 · EPSS 0.00651
Exploits: 1 · References: 3

Positive Technologies
added 2024/02/06 12:0 a.m. · 9 views

PT-2024-17638 · Unknown · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask duty/delete.php. The manipulation of the ASK DUTY ID...

CVSS 9.8 · AI score 6.4 · EPSS 0.00651
Exploits: 1 · References: 6

OSV
added 2023/12/08 3:15 p.m. · 5 views

CVE-2023-6611

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAILID leads to sql injection. The exploit has been disclosed to the public and may be used...

CVSS 7.5 · AI score 5.5 · EPSS 0.00643
Exploits: 1 · References: 3

OSV
added 2023/11/15 12:15 a.m. · 4 views

CVE-2023-39337

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious...

CVSS 9.1 · AI score 5.8 · EPSS 0.01897
Exploits: 0 · References: 1

OSV
added 2023/11/12 11:15 a.m. · 3 views

CVE-2023-6084

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VUID leads to sql injection. The exploit has been disclosed to the public and ma...

CVSS 9.8 · AI score 5.5 · EPSS 0.00873
Exploits: 1 · References: 3

OSV
added 2023/11/09 7:15 p.m. · 4 views

CVE-2023-6054

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERMIDSTR leads to sql injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 · AI score 5.5 · EPSS 0.00932
Exploits: 1 · References: 3

CNNVD
added 2023/10/26 12:0 a.m. · 5 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...

CVSS 9.8 · AI score 7.9 · EPSS 0.00723
Exploits: 1 · References: 4