Lucene search
K

38 matches found

CVE
CVE
added 2026/06/26 3:39 p.m.16 views

CVE-2026-9639

CVE-2026-9639 describes a nil-pointer dereference in LXD’s CreateCustomVolumeFromBackup. On Linux, affected versions are up to 6.8 and 5.21. An authenticated user with the ability to can_create_storage_volumes can trigger a denial of service by supplying a specially crafted custom-volume backup t...

6.5CVSS5.7AI score0.00389EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/17 7:3 p.m.5 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS8.2AI score0.04151EPSS
Exploits3References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.7 views

ChurchCRM 代码注入漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...

10CVSS6.4AI score0.04151EPSS
Exploits3References1
CVE
CVE
added 2025/11/26 2:1 a.m.13 views

CVE-2025-66026

CVE-2025-66026 is a reflected XSS in REDAXO CMS (pre-5.20.1) affecting the Mediapool view where args[types] is echoed into an info banner without escaping. The root cause is lack of HTML-escaping when rendering the value, allowing an authenticated user to trigger arbitrary JavaScript execution in...

6.1CVSS5.4AI score0.00228EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2025/11/21 10:12 p.m.8 views

CVE-2025-11934

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously...

2.7CVSS5.2AI score0.0015EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28766

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00204EPSS
Exploits0References4
OSV
OSV
added 2025/10/02 9:15 p.m.4 views

GHSA-472F-VMF2-PR3H Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

7.1CVSS7.1AI score0.00541EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/10/02 9:15 p.m.7 views

Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

7.1CVSS7.1AI score0.00541EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 1:47 a.m.10 views

CVE-2023-2322

Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...

5.4CVSS5.9AI score0.00563EPSS
Exploits1References1
OSV
OSV
added 2025/03/19 5:15 p.m.3 views

CVE-2024-53969

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...

5.4CVSS6.1AI score0.00326EPSS
Exploits0References1
Amazon
Amazon
added 2025/03/06 12:0 a.m.3 views

Medium: openssl

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

4.1CVSS6.2AI score0.00601EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/01/21 4:6 a.m.3 views

SUSE CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

5.9CVSS6AI score0.00601EPSS
Exploits0References19
OSV
OSV
added 2024/12/10 10:15 p.m.3 views

CVE-2024-52860

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

5.4CVSS6AI score0.00737EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 10:15 p.m.4 views

CVE-2024-52854

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00477EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 10:15 p.m.2 views

CVE-2024-52850

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/12/10 10:15 p.m.3 views

CVE-2024-52831

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitatio...

3.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/12/10 10:15 p.m.2 views

CVE-2024-43751

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00477EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 10:15 p.m.3 views

CVE-2024-43750

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00477EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 10:15 p.m.4 views

CVE-2024-43725

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.2 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

5.4CVSS5.4AI score0.00477EPSS
Exploits0References1
Rows per page
Query Builder