Lucene search
K

18 matches found

CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

nbconvert 路径遍历漏洞

nbconvert is a format conversion library from the Jupyter organization. It converts Jupyter .ipynb notebook files into other static formats, including HTML, LaTeX, PDF, Markdown, etc. Version 6.5 to 7.17.0 of nbconvert has a path traversal vulnerability. This vulnerability stems from the improper...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/30 12:31 a.m.11 views

EUVD-2025-209116

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.5 views

CVE-2025-66291

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

5.3CVSS6.5AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.6 views

CVE-2025-66290

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

5.3CVSS6.6AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2025/11/29 3:6 a.m.8 views

CVE-2025-66290 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

5.3CVSS6.5AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2025/11/29 3:6 a.m.16 views

CVE-2025-66289

Summary: CVE-2025-66289 affects OrangeHRM versions 5.0–5.7, where sessions are not invalidated when a user is disabled or a password changes, allowing active session cookies to remain valid indefinitely. This enables continued access to protected pages by disabled users or attackers using comprom...

8.8CVSS6.8AI score0.00241EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/03 5:15 a.m.3 views

CVE-2023-43982

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call...

9.8CVSS5.8AI score0.00565EPSS
Exploits0References1
OSV
OSV
added 2023/10/27 4:15 a.m.4 views

CVE-2023-45499

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...

9.8CVSS5.8AI score0.07887EPSS
Exploits3References4
OSV
OSV
added 2023/10/27 4:15 a.m.5 views

CVE-2023-45498

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...

9.8CVSS5.8AI score0.20477EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.4 views

PT-2023-8529 · Vinchin · Vinchin Backup & Recovery

Name of the Vulnerable Software and Affected Versions: VinChin Backup & Recovery versions 5.0. through 7.0. Description: The issue is related to hardcoded credentials in the software. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected...

9.8CVSS9.2AI score0.07887EPSS
Exploits3References17
OSV
OSV
added 2023/03/23 1:15 a.m.7 views

CVE-2023-28470

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...

5.3CVSS5.8AI score0.00629EPSS
Exploits0References4
OSV
OSV
added 2023/02/01 6:15 p.m.3 views

CVE-2023-22283

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacke...

6.5CVSS6.7AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2022/06/13 11:15 p.m.5 views

CVE-2022-32192

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor...

7.5CVSS7.1AI score0.0088EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.6 views

Cloudera Manager 跨站脚本漏洞

Cloudera Manager is an end-to-end application for managing CDH clusters.Cloudera Manager versions 5., 6., 7.1., 7.2., and 7.3. are vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via path parameters...

6.1CVSS5.2AI score0.00568EPSS
Exploits0References2
OSV
OSV
added 2017/06/14 1:29 p.m.4 views

CVE-2017-0643

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,...

5.5CVSS5.8AI score0.00662EPSS
Exploits0References3
CNVD
CNVD
added 2017/05/11 12:0 a.m.6 views

Samsung Information Disclosure Vulnerability

Samsung Android M and others is an Android smartphone from Samsung South Korea. A security vulnerability exists in Samsung mobile devices using Android L 5.0/5.1, M 6.0 and N 7.x versions. An attacker can exploit the vulnerability by reading log files to obtain sensitive information...

7.5CVSS6.7AI score0.01108EPSS
Exploits0References1
OSV
OSV
added 2016/12/29 9:59 a.m.3 views

CVE-2016-7087

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors...

5.3CVSS5.8AI score0.04362EPSS
Exploits0References3
OSV
OSV
added 2016/09/11 9:59 p.m.5 views

CVE-2016-3885

debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACEATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal b...

7.8CVSS5.8AI score0.01214EPSS
Exploits0References5
Rows per page
Query Builder