Lucene search
K

10271 matches found

EUVD
EUVD
added 2025/12/12 12:30 a.m.3 views

EUVD-2024-55340

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and...

5.3CVSS5.3AI score0.00315EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2024-55338

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

8.6CVSS6.9AI score0.00298EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-51023

Name of the Vulnerable Software and Affected Versions macOS Sequoia versions prior to 15.7.3 Description A flaw exists in FaceTime on macOS Sequoia that could lead to the unintentional revelation of password fields when remotely controlling a device. The issue was caused by inconsistent user...

6.5AI score0.00833EPSS
Exploits0References3
NVD
NVD
added 2025/12/11 10:15 p.m.4 views

CVE-2024-58293

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

8.6CVSS0.00298EPSS
Exploits0References4
NVD
NVD
added 2025/12/11 10:15 p.m.4 views

CVE-2024-58291

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and...

5.3CVSS0.00315EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 9:35 p.m.10 views

CVE-2024-58293

CVE-2024-58293 affects Akaunting 3.1.8 with a server-side template injection vulnerability. Authenticated administrators can inject template expressions into multiple form fields (items, taxes, transactions, vendor name), enabling arithmetic operations and string manipulations. Public sources in ...

8.6CVSS7AI score0.00298EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 9:35 p.m.16 views

CVE-2024-58293 Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

8.6CVSS0.00298EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/11 9:35 p.m.2 views

CVE-2024-58293 Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

8.6CVSS7AI score0.00298EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 9:35 p.m.19 views

CVE-2024-58291 Flatboard 3.2 Authenticated Stored Cross-Site Scripting via Forum Information Field

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and...

5.3CVSS0.00315EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 9:34 p.m.20 views

CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...

5.3CVSS0.00214EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/11 9:34 p.m.2 views

CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...

5.3CVSS5.8AI score0.00214EPSS
Exploits1References4
CVE
CVE
added 2025/12/11 9:34 p.m.7 views

CVE-2024-58289

CVE-2024-58289 describes a stored cross-site scripting (XSS) in Microweber 2.0.15, where an authenticated attacker can inject script payloads into user profile fields (notably the First Name) that execute when other users view the profile. Multiple connected sources confirm the vulnerability and ...

5.4CVSS5.8AI score0.00214EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/11 8:58 p.m.6 views

CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

5.3CVSS6.7AI score0.00325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.4 views

CVE-2025-64804

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.6 views

CVE-2025-64840

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.5 views

CVE-2025-64596

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.8 views

CVE-2025-64615

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.6 views

CVE-2025-64839

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.4 views

CVE-2025-64602

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.3 views

CVE-2025-64578

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00205EPSS
Exploits0References1
Rows per page
Query Builder