Lucene search
+L

54 matches found

Cvelist
Cvelist
added 2025/01/13 8:59 p.m.43 views

CVE-2025-22613 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the informacaoadicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

6.4CVSS0.00346EPSS
Exploits1References2
Veracode
Veracode
added 2025/01/13 1:49 a.m.11 views

Arbitrary File Deletion

github.com/siyuan-note/siyuan is vulnerable to Arbitrary file deletion. The vulnerability is due to a lack of proper safeguards in the POST /api/history/getDocHistoryContent endpoint, which allows maliciously crafted payloads to trigger the deletion of arbitrary files on the server...

9.1CVSS6.7AI score0.00589EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/01/08 7:15 p.m.36 views

CVE-2025-22140

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...

9.4CVSS0.00685EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.5 views

PT-2025-3338 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions prior to 1.5.0 Description: The issue concerns a file upload vulnerability where the /api/member/avatar API endpoint receives a base64 string as input, which is then processed by the memberService.uploadAvatarByBase64...

9.8CVSS6.4AI score0.00865EPSS
Exploits1References9
Citrix
Citrix
added 2024/04/02 12:0 a.m.9 views

NITRO API commands not working, request times out.

NITRO API endpoint is not working, the requests sent to the NSIP timeout without a response...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.5 views

PT-2024-4534

Name of the Vulnerable Software and Affected Versions: ZenML Server versions prior to 0.46.7 ZenML Server versions 0.44.4, 0.43.1, and 0.42.2 are patched and not vulnerable, so the actual vulnerable range is any version before 0.46.7, excluding the mentioned patched versions. However, since 0.44....

8.8CVSS7AI score0.70581EPSS
Exploits1References22
Vulnrichment
Vulnrichment
added 2023/04/05 5:40 p.m.9 views

CVE-2022-4937

The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...

6.3CVSS8.4AI score0.00643EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.5 views

PT-2023-17078 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...

4.3CVSS4.4AI score0.00464EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.6 views

Priority Web 授权问题漏洞

Priority Window Glass Priority Web is a web site from Priority Window Glass, Inc. A security vulnerability exists in Priority Web version 19.1.0.68, which stems from an authentication bypass due to incorrect operation of an unspecified endpoint parameter...

9.8CVSS8.2AI score0.00688EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/22 12:0 a.m.4 views

PT-2022-22511 · Otfcc +1 · Otfcc +1

Name of the Vulnerable Software and Affected Versions: OTFCC commit 617837b Description: A segmentation violation was discovered in OTFCC via the /release-x64/otfccdump+0x703969 endpoint. Recommendations: For OTFCC commit 617837b, consider restricting access to the /release-x64/otfccdump+0x703969...

6.5CVSS6.2AI score0.00732EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.5 views

PT-2022-4568 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 15.1.6 GitLab CE/EE versions 15.2 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.2 Description: A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...

10CVSS9.4AI score0.86194EPSS
Exploits5References25
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.6 views

PT-2022-16224 · Ece · Ece

Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.4.0 Description: A flaw in ECE might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs like the audit log or deployment logs in the Logging and...

6.5CVSS6.3AI score0.00675EPSS
Exploits0References3
Citrix
Citrix
added 2019/02/18 12:0 a.m.9 views

Error: "The underlying connection was closed..." when querying the Monitor Service OData endpoint

Clients that attempt to access data OData or other Citrix Services with TLS versions 1.0 and 1.1 fail to establish a connection. Clients using .NET Framework may raise the following error: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---...

7AI score
Exploits0
Hacker One
Hacker One
added 2018/09/10 4:16 p.m.16 views

Valve: [help.steampowered.com] Account takeover bruteforcing SteamGuard

Due to a missing protection on a support endpoint, email verification codes could be bruteforced - leading to possible account takeover. The endpoint issue has been corrected...

3.3AI score
Exploits0
Rows per page
Query Builder