Lucene search

10271 matches found

EUVD
added 2025/12/16 3:30 p.m., 3 views

EUVD-2025-203653

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client(). If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as...

AI score: 6, EPSS: 0.00096
Exploits: 0, References: 3
UbuntuCve
added 2025/12/16 3:15 p.m., 2 views

CVE-2025-68243

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client(). If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as...

AI score: 5.7, EPSS: 0.00096
Exploits: 0, References: 9
Cvelist
added 2025/12/16 2:21 p.m., 26 views

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client(). If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as...

EPSS: 0.00096
Exploits: 0, References: 2
CVE
added 2025/12/16 2:21 p.m., 18 views

CVE-2025-68243

The CVE affects the Linux kernel NFS client TLS/X.509 handling in nfs_match_client(). When RPC_XPRTSEC_TLS_X509 is used, the cert_serial and privkey_serial fields must match to validate the client identity; otherwise, there can be unintended session reuse. The issue has been resolved in the Linux...

AI score: 6.1, EPSS: 0.00096
Exploits: 0, References: 2
OSV
added 2025/12/16 2:21 p.m., 6 views

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client(). If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as...

AI score: 6.3, EPSS: 0.00096
Exploits: 0, References: 5
OSV
added 2025/12/16 1:43 p.m., 5 views

CVE-2025-68189 drm/msm: Fix GEM free for imported dma-bufs

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs. Imported dma-bufs also have obj->resv != &obj->_resv. So we should check both this condition in addition to flags for handling the _NO_SHARE case. Fixes this splat that was reported with IRI...

AI score: 6.4, EPSS: 0.00155
Exploits: 0, References: 5
Vulnrichment
added 2025/12/16 12:00 a.m., 2 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

AI score: 5.6, EPSS: 0.00218
Exploits: 0, References: 2
Positive Technologies
added 2025/12/16 12:00 a.m., 3 views

PT-2025-51771

Name of the Vulnerable Software and Affected Versions: nopCommerce version 4.90.0. Description: The software contains a Cross Site Scripting (XSS) issue within the product management functionality. Malicious payloads entered into the "Product Name" and "Short Description" fields are saved in the backe...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00218
Exploits: 0, References: 8
Tenable Nessus
added 2025/12/16 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFS: Check the TLS certificate fields in nfs_match_client(). If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields ne...

AI score: 5.8, EPSS: 0.00096
Exploits: 0, References: 3
Patchstack
added 2025/12/15 1:30 p.m., 5 views

WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin User Extra Fields versions <= 16.8...

CVSS: 5.3, AI score: 7, EPSS: 0.00187
Exploits: 0, Affected Software: 1
CNVD
added 2025/12/15 12:00 a.m., 4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013541)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00205
Exploits: 0, References: 1
CNVD
added 2025/12/15 12:00 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013442)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00205
Exploits: 0, References: 1
CNVD
added 2025/12/15 12:00 a.m., 1 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013343)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability in which a low-privilege attacker can inject malicious script into form fields; no details of the vulnerability are...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00205
Exploits: 0, References: 1
CNVD
added 2025/12/15 12:00 a.m., 4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013244)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability in which a low-privilege attacker can inject malicious script into form fields; no details of the vulnerability are...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00205
Exploits: 0, References: 1
CNVD
added 2025/12/15 12:00 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012948)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability in which a low-privilege attacker can inject malicious script into form fields; no details of the vulnerability are...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00205
Exploits: 0, References: 1
CNVD
added 2025/12/15 12:00 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012849)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00205
Exploits: 0, References: 1
CNVD
added 2025/12/15 12:00 a.m., 2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012750)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00205
Exploits: 0, References: 1
RedhatCVE
added 2025/12/14 7:59 a.m., 12 views

CVE-2025-9207

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can be input and is later output. This makes it possible for unauthenticated...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00373
Exploits: 0, References: 1
EUVD
added 2025/12/13 6:30 p.m., 6 views

EUVD-2025-203242

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can be input and is later output. This makes it possible for unauthenticated...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00373
Exploits: 0, References: 5
EUVD
added 2025/12/13 6:30 p.m., 4 views

EUVD-2025-203184

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00312
Exploits: 0, References: 4