Lucene search
K

64 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/25 5:15 a.m.5 views

"FOD" App uses hard-coded cryptographic keys

Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...

5.1CVSS4.7AI score0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.4 views

CVE-2025-11446

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...

7.3CVSS6.9AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 9:15 a.m.5 views

CVE-2025-11446

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...

7.3CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 11:3 a.m.12 views

CVE-2025-12953

Summary (CVE-2025-12953): The WordPress plugin “Classified Listing – AI-Powered Classified ads & Business Directory Plugin” has a data-modification vulnerability due to a missing capability check in rtcl_ajax_add_listing_type, rtcl_ajax_update_listing_type, and rtcl_ajax_delete_listing_type. Affe...

4.3CVSS4.6AI score0.00217EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/11 1:25 a.m.7 views

WordPress Classified Listing plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering vulnerability

Missing Authorization to Authenticated Subscriber+ Listing Types Tampering vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Classified Listing versions = 5.2.0...

4.3CVSS6.7AI score0.00217EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 9:58 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an open redirect attack due to the Eclipse Jetty package (CVE-2024-6763)

Summary Eclipse Jetty is used by DataStage on Cloud Pak for Data as part of the server processing functionality. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI,...

5.3CVSS6.6AI score0.00986EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2025/09/03 8:41 p.m.4 views

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1461 more potentially affected by CVE-2025-57833 via django (>=5.2.0 <=5.2.5)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-57833 Source advisory: SNYK:PYTHON-DJANGO-12485156...

8.1CVSS7.3AI score0.15602EPSS
Exploits4
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.5 views

Honeywell Experion PKS 安全漏洞

Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS versions 520.1 to 520.2 TCU9 and 530 to 530 TCU3, which stems from uninitialized variables and could result in a denial of service...

7.5CVSS6.5AI score0.00362EPSS
Exploits0References3
OSV
OSV
added 2025/06/12 2:15 a.m.4 views

CVE-2025-6007

A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

7.2CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2025/06/12 2:15 a.m.3 views

CVE-2025-6005

A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument...

7.2CVSS5.7AI score0.00343EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/12 12:0 a.m.6 views

like-girl 安全漏洞

like-girl is a couple logging tool by the individual developer of kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which originates from the parameter...

7.2CVSS5.5AI score0.00343EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/20 12:51 p.m.23 views

CVE-2025-40635 SQL injection at Comerzzia

SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...

9.3CVSS0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.5 views

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...

7.5CVSS6.7AI score0.00353EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.4 views

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...

7.4CVSS6.7AI score0.00324EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/05/08 6:30 a.m.3 views

cg-django-uaa (=2.1.9), django-admin-flexlist (>=0.1.0 <=1.0.3) +11 more potentially affected by CVE-2025-32873 via django (>=5.2.0 <=5.2.0rc1)

django PYPI version =5.2.0, =0.1.0, =1.92.0.5, =4.2.0, =3.0.0, =0.1.0, =5.2.0, =1.0.0, =0.103.0, =1.2.4, =1.2.7 Source cves: CVE-2025-32873 Source advisory: OSV:GHSA-8J24-CJRQ-GR2M...

5.3CVSS6.6AI score0.14243EPSS
Exploits0
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.5 views

MangoOS 安全漏洞

MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from authenticated Remote Code Execution RCE via the Active Process Command feature...

7.2CVSS7.2AI score0.00749EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/12/26 10:15 p.m.4 views

faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:PYSEC-2023-248...

6.1CVSS6.3AI score0.01079EPSS
Exploits1
CNNVD
CNNVD
added 2023/11/18 12:0 a.m.4 views

openCRX Security Vulnerabilities

openCRX is an open source Crm software. A security vulnerability exists in openCRX version 5.2.0, which originated from a vulnerability that allows attackers to perform HTML injection attacks via the Product Name field...

6.1CVSS7AI score0.00463EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/11/18 12:0 a.m.6 views

PT-2023-27651 · Opencrx · Opencrx

Name of the Vulnerable Software and Affected Versions: OpenCRX version 5.2.0 Description: The issue allows for HTML injection via the Accounts Name Field. Recommendations: For OpenCRX version 5.2.0, update to a version that fixes this issue. At the moment, there is no information about a newer...

6.1CVSS6.2AI score0.00463EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2023/07/19 10:8 p.m.3 views

cloud.piranha.extension:piranha-extension-hazelcast (>=22.12.0 <=23.4.0), cloud.piranha:debug (>=22.12.0 <=23.1.0) +201 more potentially affected by CVE-2023-33265 via com.hazelcast:hazelcast (>=5.2.0 <=5.2.3)

com.hazelcast:hazelcast MAVEN version =5.2.0, =22.12.0, =22.12.0, =23.1.0 - cn.vertxup:aeon-ambient =0.9.0 - cn.vertxup:aeon-aurora =0.9.0 - cn.vertxup:aeon-code =0.9.0 - cn.vertxup:aeon-cosmos =0.9.0 - cn.vertxup:aeon-ecology =0.9.0 - cn.vertxup:aeon-edge =0.9.0 - cn.vertxup:aeon-eternal =0.9.0 ...

8.8CVSS7.2AI score0.0057EPSS
Exploits0
Rows per page
Query Builder