Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-41434

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/14 3:2 p.m.19 views

CVE-2026-44371

Open OnDemand (HPC portal) is affected prior to versions 4.0.11, 4.1.5, and 4.2.2. The issue allows specially crafted filenames to execute JavaScript in the file browser. The vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2. Impact is web/application-level, with JavaScript execution in the file...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/23 12:30 p.m.4 views

EUVD-2025-204785

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...

5.3CVSS4.8AI score0.00715EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/30 6:31 p.m.4 views

EUVD-2025-37024

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

6.5CVSS6.3AI score0.00241EPSS
Exploits0References3
CVE
CVE
added 2025/06/12 6:4 p.m.61 views

CVE-2025-43866

Vantage6 Server JWT secret not cryptographically secure: the auto-generated key uses UUID1, which is partially predictable. This exposes potential forgery of security tokens. The issue is fixed in version 4.11.0; upgrading to 4.11.0+ or defining a custom JWT secret in configuration mitigates the ...

7.5CVSS6.3AI score0.0033EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:57 p.m.4 views

CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...

5.4CVSS6.1AI score0.00741EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.5 views

PerfreeBlog 安全漏洞

PerfreeBlog is PerfreeBlog open source, a java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which originates from the presence of arbitrary file uploads in the attach component and could lead to the execution of arbitrary code...

8.8CVSS6.8AI score0.00638EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.9 views

PT-2024-38966 · WordPress · Social Web Suite – Social Media Auto Post

Name of the Vulnerable Software and Affected Versions: The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress versions up to, and including, 4.1.11 Description: The issue concerns a Directory Traversal vulnerability, which allows unauthenticated attackers to...

7.5CVSS7.3AI score0.0096EPSS
Exploits0References13
OSV
OSV
added 2022/11/23 12:0 a.m.5 views

CVE-2022-38147

Silverstripe silverstripe/framework through 4.11 allows XSS issue 3 of 3...

5.4CVSS5.8AI score0.00516EPSS
Exploits0References6
OSV
OSV
added 2021/10/11 8:15 a.m.3 views

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...

7.5CVSS7.3AI score0.01346EPSS
Exploits0References2
OSV
OSV
added 2020/04/14 3:15 p.m.3 views

CVE-2020-9460

Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable...

5.4CVSS5.8AI score0.01347EPSS
Exploits2References3
CNVD
CNVD
added 2019/10/12 12:0 a.m.2 views

WordPress mailchimp-for-wp plugin cross-site scripting vulnerability (CNVD-2019-35215)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mailchimp-for-wp is a plugin used to send e-mail to subscribers. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
OSV
OSV
added 2019/09/03 3:15 p.m.1 views

DEBIAN-CVE-2019-10197

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directorie...

9.1CVSS6.8AI score0.03182EPSS
Exploits0References1
OSV
OSV
added 2017/01/10 3:59 p.m.5 views

UBUNTU-CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...

9.8CVSS7.4AI score0.02148EPSS
Exploits0References4
Rows per page
Query Builder