Lucene search
+L

181 matches found

CVE
CVE
added 2025/08/26 3:37 p.m.40 views

CVE-2025-57810

CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...

8.7CVSS7.1AI score0.00658EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/08/18 5:6 p.m.16 views

CVE-2025-55291 Shaarli allows reflected XSS via searchtags parameter

Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting XSS vulnerability. This vulnerability is fixed in 0.15.0...

7.1CVSS0.00216EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/04 9:24 a.m.10 views

CVE-2025-24331

The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...

6.4CVSS6.5AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.9 views

PT-2025-32: Authentication bypass in NetScaler ADC

The discovered vulnerability in NetScaler ADC allows an attacker to bypass the authentication proceduce. The affected products: NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56 NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32 NetScaler ADC 13.1-FIPS and NDcPP BEFORE...

8.8CVSS7.4AI score0.03653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.10 views

CVE-2023-30639

Archer Platform 6.8 before 6.12 P6 HF1 6.12.0.6.1 contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 6.11.0.4 is also a fixed release...

7.1CVSS5.2AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:40 a.m.11 views

CVE-2023-45357

Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 6.14.0 is also a fixed release...

6.5CVSS6.1AI score0.00457EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:19 a.m.7 views

CVE-2023-45358

Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users...

8.5CVSS5.2AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:38 a.m.19 views

CVE-2019-19610

An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0...

5.8CVSS7AI score0.00873EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/04/24 11:44 a.m.7 views

CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5CVSS7AI score0.0079EPSS
Exploits0
NVD
NVD
added 2025/04/03 8:15 p.m.30 views

CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS0.02402EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 11:18 a.m.8 views

CVE-2024-34089

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When...

7.3CVSS5.2AI score0.00461EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 1:34 p.m.59 views

CVE-2024-11623

CVE-2024-11623 : Authentik is vulnerable to a Stored XSS via uploading crafted SVG files used as application icons. The issue requires an authenticated admin user and was fixed in 2024.10.4. Affected versions are prior to 2024.10.4; upgrade to 2024.10.4 or later to remediate. Workarounds include ...

4.8CVSS5.7AI score0.00286EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/02/03 9:28 p.m.6 views

CVE-2025-22129 Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, an...

4.3CVSS6.8AI score0.00321EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.6 views

PT-2025-5183 · Unknown · Genkisan Genki Announcement

Name of the Vulnerable Software and Affected Versions: Genkisan Genki Announcement versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be done by tricking the...

7.1CVSS9.4AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.6 views

PT-2025-5195 · Nuanced Media · Wp Meetup

Name of the Vulnerable Software and Affected Versions: WP Meetup versions 2.3.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in Nuanced Media WP Meetup, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP...

5.4CVSS9.4AI score0.00442EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.5 views

PT-2025-3174 · Unknown · Greg Priday Simple Proxy

Name of the Vulnerable Software and Affected Versions: Greg Priday Simple Proxy versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables an attacker to inject...

7.1CVSS8.9AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.4 views

PT-2024-12240 · Unknown · Featured Post Creative +1

Name of the Vulnerable Software and Affected Versions: Featured Post Creative versions 1.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative, which allows exploiting incorrectly configured access...

5.3CVSS9.4AI score0.00416EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.3 views

PT-2024-34934 · Codesnips · Codesnips

Name of the Vulnerable Software and Affected Versions: codeSnips versions n/a through 1.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject malicio...

6.5CVSS5.9AI score0.00352EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/11/07 9:8 a.m.21 views

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul URWB Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 CVS score: 10.0, the vulnerability...

10CVSS7.9AI score0.03146EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.4 views

PT-2024-33407 · Unknown · Sunburntkamel Disconnected

Name of the Vulnerable Software and Affected Versions: sunburntkamel disconnected versions n/a through 1.3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This is a Reflected XSS vulnerability, which affec...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References7
Rows per page
Query Builder