
13 matches found

Snyk
added 2026/05/07 9:18 p.m., 6 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

4.8 CVSS, 6 AI score
Exploits 0, References 3
Snyk
added 2026/05/07 9:16 p.m., 9 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...

6.9 CVSS, 5.8 AI score
Exploits 0, References 2
Vulnrichment
added 2026/03/27 3:44 p.m., 3 views

CVE-2026-32983 SSL/TLS Renegotiation DoS in Wazuh Manager authd service

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...

6.9 CVSS, 5.9 AI score, 0.00422 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/03/27 12:0 a.m., 4 views

PT-2026-28278

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...

6.9 CVSS, 5.9 AI score, 0.00497 EPSS
Exploits 1, References 3
Positive Technologies
added 2026/03/27 12:0 a.m., 6 views

PT-2026-28460

Name of the Vulnerable Software and Affected Versions wazuh-manager versions prior to 4.7.4 Description The authd service in Wazuh Manager contains an improper restriction of client-initiated SSL/TLS renegotiation. This allows remote attackers to cause a denial of service by sending excessive...

7.5 CVSS, 5.8 AI score, 0.00422 EPSS
Exploits 0, References 5
CNNVD
added 2026/03/27 12:0 a.m., 10 views

Wazuh Security Vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Wazuh versions 4.7.3 and earlier contain security vulnerabilities. These vulnerabilities...

7.5 CVSS, 5.8 AI score, 0.00497 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/02/25 6:1 a.m., 3 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8 CVSS, 6.1 AI score, 0.00566 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/02/25 12:0 a.m., 6 views

PT-2026-21875

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8 CVSS, 6.1 AI score, 0.00566 EPSS
Exploits 0, References 3
Microsoft CVE
added 2024/10/15 12:0 a.m., 3 views

CVE-2017-15275

...

7.5 CVSS, 6.4 AI score, 0.21408 EPSS
Exploits 0
CNNVD
added 2021/07/12 12:0 a.m., 4 views

WordPress Plugin SQL Injection Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Version 4.7.3 of Filebird Plugin has a security...

9.8 CVSS, 5.8 AI score, 0.02793 EPSS
Exploits 2, References 3
CNNVD
added 2021/05/31 12:0 a.m., 3 views

RebornCore library Code Issue Vulnerability

RebornCore library is a library of mods for Tech Reborn, including Tech Reborn, Quantum Storage, Fluxed Redstone, Hardcore Map Reset, and more. A remote code execution vulnerability exists in versions of the RebornCore library prior to 4.7.3, which can be exploited by an attacker to remotely...

9.8 CVSS, 6.6 AI score, 0.02839 EPSS
Exploits 0, References 4
CNVD
added 2020/06/22 12:0 a.m., 3 views

Mattermost Server Input Validation Error Vulnerability (CNVD-2020-41175)

Mattermost Server is an open source messaging platform from the United States company Mattermost. An input validation error vulnerability exists in Mattermost Server versions prior to 4.7.3. An attacker can exploit this vulnerability to cause a denial of service application crash with invalid...

7.5 CVSS, 6.6 AI score, 0.01114 EPSS
Exploits 0, References 1
OSV
added 2017/03/12 1:59 a.m., 2 views

DEBIAN-CVE-2017-6817

In WordPress before 4.7.3, wp-includes/embed.php has an authenticated Cross-Site Scripting (XSS) issue in YouTube URL Embeds...

5.4 CVSS, 5.8 AI score, 0.02094 EPSS
Exploits 0, References 1