Lucene search
K

572 matches found

Vulnrichment
Vulnrichment
added 2026/01/20 2:50 p.m.4 views

CVE-2025-54778

A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3600

A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/01/12 2:5 a.m.5 views

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

8.2CVSS5.7AI score0.0038EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.22 views

PT-2026-8168

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 156 Description The Linux kernel contained a flaw in the net/mlx5e module related to Traffic Control TC steering flows. Specifically, the issue occurred during the deletion of TC steering flows, where the...

5.5CVSS6.4AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-4661

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking scheduler, specifically within the sch qfq Stochastic Fairness Queueing component. The qfq change class function contains an error that can...

7.8CVSS6.8AI score0.00204EPSS
Exploits0
NVD
NVD
added 2025/12/17 11:16 p.m.9 views

CVE-2025-68143

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

8.8CVSS0.07822EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 10:9 p.m.7 views

CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

6.5CVSS6.8AI score0.07822EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/17 7:49 p.m.11 views

mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...

8.8CVSS7AI score0.07822EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/11 9:15 p.m.6 views

CVE-2025-13663

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

6.7CVSS0.0008EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 8:35 p.m.12 views

CVE-2025-13663

CVE-2025-13663 concerns the Quartus Prime Pro Installer for Windows, where, under certain circumstances, the installer does not check the permissions of the target Quartus installation directory if the directory already exists. The issue is documented across multiple sources (NVD, Red Hat, CVE re...

6.7CVSS6.5AI score0.0008EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/11 8:35 p.m.3 views

EUVD-2025-202852

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

6.7CVSS6.4AI score0.0008EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/11 8:35 p.m.6 views

CVE-2025-13663 Quartus Prime Pro Edition Installer Advisory

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

6.7CVSS6.5AI score0.0008EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50725

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

6.7CVSS6.9AI score0.0008EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50301

Name of the Vulnerable Software and Affected Versions Elated Membership plugin for WordPress versions prior to 1.3 Description The Elated Membership plugin for WordPress is susceptible to Authentication Bypass in versions up to 1.2. The plugin does not properly log in a user when data is verified...

9.8CVSS6.2AI score0.00424EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.14 views

CVE-2025-13922

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS6.6AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/06 6:30 a.m.7 views

EUVD-2025-201512

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS6.1AI score0.00258EPSS
Exploits0References5
NVD
NVD
added 2025/12/06 5:16 a.m.5 views

CVE-2025-13922

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS0.00258EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/06 4:37 a.m.3 views

CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS6.2AI score0.00258EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/06 4:37 a.m.16 views

CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS0.00258EPSS
Exploits0References5
CVE
CVE
added 2025/12/06 4:37 a.m.15 views

CVE-2025-13922

CVE-2025-13922 affects Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI (WordPress plugin). Time-based blind SQL Injection via the existing_terms_orderby parameter in the AI preview AJAX endpoint allows authenticated contributors (with AI metabox permissions) to append SQL queries,...

6.5CVSS6.2AI score0.00258EPSS
Exploits0References5
Rows per page
Query Builder