Lucene search

291 matches found

OSV
added 2025/12/05 5:32 p.m., 8 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. JavaScript was correctly blocked by the content security policy of the...

CVSS 3.5, AI score 6.7, EPSS 0.00204
Exploits: 0, References: 6
EUVD
added 2025/12/05 4:49 p.m., 6 views

EUVD-2025-201445

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVSS 3.3, AI score 6.2, EPSS 0.00118
Exploits: 0, References: 4
CNNVD
added 2025/12/05 12:0 a.m., 7 views

Nextcloud Mail cross-site scripting vulnerability

Nextcloud Mail is an email from Nextcloud Germany. A cross-site scripting vulnerability exists in versions of Nextcloud Mail prior to 5.5.3, which stems from the presence of stored HTML injection in mailing lists, which could lead to HTML injection attacks...

CVSS 5.4, AI score 6, EPSS 0.00204
Exploits: 0, References: 4
Cvelist
added 2025/12/04 5:32 p.m., 23 views

CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in SQL injection. The attack can be initiated remotely...

CVSS 5.8, EPSS 0.00334
Exploits: 1, References: 5
Positive Technologies
added 2025/12/04 12:0 a.m., 8 views

PT-2025-49106

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...

CVSS 4.8, AI score 5.5, EPSS 0.00239
Exploits: 1, References: 5
NVD
added 2025/11/21 3:15 p.m., 14 views

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

CVSS 9.8, EPSS 0.00492
Exploits: 0, References: 1
Vulnrichment
added 2025/11/21 12:29 p.m., 4 views

CVE-2025-66057 WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through <= 5.5.2...

AI score 6, EPSS 0.00162
Exploits: 0, References: 1
NVD
added 2025/11/20 8:16 p.m., 7 views

CVE-2025-55123

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...

CVSS 5.4, EPSS 0.0038
Exploits: 1, References: 1
Positive Technologies
added 2025/11/11 12:0 a.m., 7 views

PT-2025-46440

Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions 20.5, 19.5.5 and earlier. Description: The software contains a Use After Free issue that may lead to arbitrary code execution with the privileges of the current user. Successful exploitation requires a user to open a...

CVSS 7.8, AI score 7.4, EPSS 0.00236
Exploits: 0, References: 3
NVD
added 2025/11/07 4:15 p.m., 6 views

CVE-2025-53412

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5...

CVSS 6.5, EPSS 0.00413
Exploits: 0, References: 1
EUVD
added 2025/11/07 5:12 a.m., 7 views

EUVD-2025-38242

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS), specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containi...

CVSS 8.6, AI score 5.9, EPSS 0.00221
Exploits: 1, References: 2
CNNVD
added 2025/11/07 12:0 a.m., 5 views

ClipBucket V5 security vulnerability

ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A security vulnerability exists in ClipBucket V5 5.5.2-146 and prior versions, which stems from the Manage Photos feature mishandling the Photo Title parameter, which could lead to a stored cross-site scripting attack...

CVSS 8.6, AI score 5.8, EPSS 0.00251
Exploits: 1, References: 4
Positive Technologies
added 2025/11/07 12:0 a.m., 9 views

PT-2025-45443

Name of the Vulnerable Software and Affected Versions: File Station 5 versions prior to 5.5.6.5018. Description: A flaw exists where a remote attacker, having obtained a user account, could potentially trigger a denial-of-service (DoS) attack due to a NULL pointer dereference. Recommendations: Update t...

CVSS 5.3, AI score 6.4, EPSS 0.00304
Exploits: 0, References: 3
Positive Technologies
added 2025/10/31 12:0 a.m., 6 views

PT-2025-44614

Name of the Vulnerable Software and Affected Versions: SeventhQueen Kleo versions prior to 5.5.0. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...

CVSS 7.5, AI score 6.4, EPSS 0.00381
Exploits: 0, References: 5
NVD
added 2025/10/29 4:15 a.m., 5 views

CVE-2025-57931

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 5.5.4...

CVSS 5.3, EPSS 0.00125
Exploits: 0, References: 1
OSV
added 2025/10/28 3:16 p.m., 4 views

AZL-69568 CVE-2025-61104 affecting package frr for versions less than 8.5.5-5

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...

CVSS 7.5, AI score 5.8, EPSS 0.00582
Exploits: 1, References: 1
RedhatCVE
added 2025/10/28 2:38 a.m., 5 views

CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVSS 7.8, AI score 4.9, EPSS 0.00207
Exploits: 1, References: 1
CVE
added 2025/10/27 2:32 a.m., 25 views

CVE-2025-12205

Kamailio 5.5 is affected by a vulnerability in the function sr_push_yy_state (src/core/cfg.lex) that causes use-after-free. The issue requires local access to exploit. Public exploit exists, but the real-world existence of the vulnerability has been doubted in the sources. Connected advisories (R...

CVSS 7.8, AI score 4.8, EPSS 0.00207
Exploits: 1, References: 8, Affected Software: 1
Vulnrichment
added 2025/10/27 1:33 a.m., 2 views

CVE-2025-62917 WordPress Tooltipy plugin <= 5.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS. This issue affects Tooltipy: from n/a through <= 5.5.9...

CVSS 6.5, AI score 5.6, EPSS 0.00186
Exploits: 0, References: 1
Cvelist
added 2025/10/27 1:33 a.m., 10 views

CVE-2025-62917 WordPress Tooltipy plugin <= 5.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS. This issue affects Tooltipy: from n/a through <= 5.5.9...

CVSS 6.5, EPSS 0.00186
Exploits: 0, References: 1