Lucene search
K

292 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/27 2:39 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...

8.7CVSS9.2AI score0.00759EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2025/08/15 12:47 a.m.9 views

WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Directory Pro versions = 2.5.5...

7.1CVSS6.2AI score0.00228EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.6 views

PT-2025-33095

Name of the Vulnerable Software and Affected Versions: Sysax Multi Server versions prior to 5.55 Description: Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker provides an overly long username during authentication, the serv...

9.8CVSS6.7AI score0.0284EPSS
Exploits1References10
OSV
OSV
added 2025/07/21 10:15 a.m.5 views

UBUNTU-CVE-2025-49656

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...

7.5CVSS5.7AI score0.01401EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/04 9:19 a.m.18 views

CVE-2025-5438

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads ...

8.8CVSS7.3AI score0.31144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/03 5:19 p.m.8 views

CVE-2025-5404

A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the argument Search leads to denial of service...

5.3CVSS6.9AI score0.00698EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.5 views

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS4.9AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:39 a.m.12 views

CVE-2023-29095

Auth. admin+ SQL Injection SQLi vulnerability in David F. Carr RSVPMaker plugin 10.5.5 versions...

7.6CVSS8AI score0.00697EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:40 p.m.5 views

CVE-2022-41554

Stored Cross-Site Scripting XSS vulnerability in John West Slideshow SE plugin = 2.5.5 versions...

5.4CVSS4.3AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.16 views

CVE-2020-14555

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

4.7CVSS5.7AI score0.00985EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:15 a.m.8 views

CVE-2019-13235

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...

6.1CVSS6AI score0.02904EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.8 views

CVE-2017-11197

In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option...

7.8CVSS7.4AI score0.00985EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/04/04 3:59 p.m.8 views

CVE-2025-32271 WordPress Woocommerce Role Pricing Plugin <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery. This issue affects Woocommerce Role Pricing: from n/a through 3.5.5...

4.3CVSS7.2AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2025/03/17 6:15 p.m.9 views

CVE-2024-49559

Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS5.9AI score0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.7 views

PT-2025-6949

Name of the Vulnerable Software and Affected Versions: Dell SupportAssist OS Recovery versions prior to 5.5.13.1 Description: The issue concerns a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary fil...

7.8CVSS6.2AI score0.00167EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2025/01/18 8:0 a.m.8 views

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

...

6.5CVSS6.5AI score0.00452EPSS
Exploits0
OSV
OSV
added 2025/01/15 4:15 p.m.5 views

CVE-2024-56295

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6...

6.5CVSS7.3AI score0.00429EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 5:15 p.m.6 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4CVSS5.8AI score
Exploits0References1
Veracode
Veracode
added 2024/09/23 4:48 p.m.13 views

Remote Code Execution

com.alipay.sofa:hessian is vulnerable to Remote Code Execution. The vulnerability is due to a gadget chain that bypasses the SOFA Hessian protocol's blacklist protection mechanism. This gadget chain relies solely on JDK classes and does not require any third-party components. The issue is fixed i...

9.8CVSS6.9AI score0.00678EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/09/05 12:0 a.m.7 views

WordPress plugin Bit File Manager 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

8.1CVSS8.3AI score0.02802EPSS
Exploits3References5
Rows per page
Query Builder