Lucene search

216 matches found

Positive Technologies
added 2025/05/05 12:0 a.m. · 10 views

PT-2025-19339 · Unknown · Phpgurukul Emergency Ambulance Hiring Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul Emergency Ambulance Hiring Portal version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /admin/edit-ambulance.php. The manipulation of the dconnum argument leads to SQL injection...

CVSS 9.8 · AI score 7.5 · EPSS 0.00412
Exploits: 1 · References: 13

Positive Technologies
added 2025/05/02 12:0 a.m. · 7 views

PT-2025-18865 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.0-rc1-00004-g703695902cfa Description: A vulnerability in the Linux kernel has been identified, where the inconsistency between i_size and i_disksize can trigger a kernel warning when the boot loader inode i...

CVSS 8.8 · AI score 7.5 · EPSS 0.0129
Exploits: 3 · References: 653

Positive Technologies
added 2025/04/09 12:0 a.m. · 6 views

PT-2025-15738 · Bhoogterp · Bhoogterp

Name of the Vulnerable Software and Affected Versions: bhoogterp Scheduled versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application,...

CVSS 7.1 · AI score 7.4 · EPSS 0.00191
Exploits: 0 · References: 4

ICS
added 2025/03/26 12:30 a.m. · 14 views

ABB Low Voltage DC Drives and Power Controllers CODESYS RTS

SUMMARY CODESYS group published several vulnerabilities regarding the CODESYS Runtime System, which is included in the firmware of ABB LV DC drives and power controllers. It is used to implement a selection of features and to provide IEC 611131-3 programming capabilities. These vulnerabilities...

AI score 7.6
Exploits: 0 · References: 11

ICS
added 2025/03/04 7:0 a.m. · 18 views

Carrier Block Load

RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVSS 7.8 · AI score 8 · EPSS 0.00356
Exploits: 0 · References: 10

Positive Technologies
added 2025/03/01 12:0 a.m. · 6 views

PT-2025-9147 · WordPress · Fluent Support

Name of the Vulnerable Software and Affected Versions: The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress versions up to, and including, 1.8.5 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the...

CVSS 7.5 · AI score 9.3 · EPSS 0.00399
Exploits: 0 · References: 10

OSV
added 2025/02/26 1:55 a.m. · 8 views

CVE-2022-49201 ibmvnic: fix race between xmit and reset

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...

CVSS 4.7 · AI score 5.1 · EPSS 0.00169
Exploits: 0 · References: 7

GithubExploit
added 2025/02/21 3:38 p.m. · 344 views

Exploit for OS Command Injection in Wago Compact_Controller_100_Firmware

wagoexploit.py - PoC Exploit for CVE-2023-1698 !WAGOhttp...

CVSS 9.8 · AI score 9.5 · EPSS 0.81911
Exploits: 5

RedhatCVE
added 2025/02/06 3:26 a.m. · 8 views

CVE-2021-44678

An issue 2 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...

CVSS 9.8 · AI score 6.9 · EPSS 0.01813
Exploits: 0

Positive Technologies
added 2024/12/11 12:0 a.m. · 3 views

PT-2024-10475 · Gstreamer +10 · Gstreamer +10

Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an integer overflow in the memory reallocation process. The program attempts to reallocate memory to accommodate a certain number of elements, but if the value read from...

CVSS 10 · AI score 6.8 · EPSS 0.01344
Exploits: 1 · References: 249

RedhatCVE
added 2024/12/06 7:41 a.m. · 27 views

CVE-2024-52798

A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Mitigation Avoid using two parameters within a single path segment when the separato...

CVSS 5.3 · AI score 6.4 · EPSS 0.00932
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/13 12:0 a.m. · 2 views

PT-2024-9983 · Autodesk · Autodesk Navisworks

Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom affected versions not specified Autodesk Navisworks Simulate affected versions not specified Autodesk Navisworks Manage affected versions not specified Description: A maliciously crafted DWFX file, when parsed...

CVSS 7.8 · AI score 6.9 · EPSS 0.00369
Exploits: 0 · References: 13

Tenable Nessus
added 2024/11/13 12:0 a.m. · 18 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2024-045 (ALASECS-2024-045)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...

AI score 6.8
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/20 12:0 a.m. · 7 views

PT-2024-30070 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery CSRF issue was discovered in Pligg CMS. The vulnerability is exploited via the /admin/domain management.php endpoint with specific parameters, including id, list, and remove...

CVSS 8.8 · AI score 8.7 · EPSS 0.00246
Exploits: 1 · References: 8

Positive Technologies
added 2024/07/21 12:0 a.m. · 8 views

PT-2024-37976 · Pdf.Js +1 · Pdf.Js +1

Name of the Vulnerable Software and Affected Versions: SiYuan version 3.1.0 Description: A vulnerability has been found in the PDF Handler component, specifically in the file PDF.js, which can lead to cross-site scripting. The attack can be launched remotely. The issue affects an unknown...

CVSS 5.4 · AI score 3.7 · EPSS 0.00361
Exploits: 1 · References: 10

Positive Technologies
added 2024/07/13 12:0 a.m. · 6 views

PT-2024-34106 · WordPress · Cm Wordpress Search/Replace Plugin

Name of the Vulnerable Software and Affected Versions: CM WordPress Search And Replace Plugin versions prior to 1.3.9 Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF...

CVSS 6.5 · AI score 6.3 · EPSS 0.00224
Exploits: 1 · References: 4

CVE
added 2024/06/10 9:35 p.m. · 49 views

CVE-2024-37169

CVE-2024-37169 affects the self-hosted tool @jmondi/url-to-png. Versions before 2.0.3 are vulnerable to arbitrary file read when an attacker leverages Playwright’s screenshot feature to abuse the file wrapper. The issue is mitigated in version 2.0.3, which enforces input URLs to be http/https. Th...

CVSS 5.3 · AI score 5.2 · EPSS 0.00529
Exploits: 0 · References: 5

Arista
added 2024/05/24 12:0 a.m. · 49 views

Security Advisory 0097

Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in respon...

CVSS 7.4 · AI score 7.3 · EPSS 0.00716
Exploits: 0

Vulnrichment
added 2024/05/06 6:36 a.m. · 10 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...

CVSS 5.3 · AI score 6.5 · EPSS 0.00545
Exploits: 0 · References: 3

Exploit DB
added 2024/04/12 12:0 a.m. · 360 views

WBCE 1.6.0 - Unauthenticated SQL injection

Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Date: 15.11.2023 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an...

CVSS 9.8 · AI score 9.8 · EPSS 0.06096
Exploits: 3