
29 matches found

EUVD
added 8 hours ago | 6 views

EUVD-2026-40454

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-7364

Malware in sbrugna...

CVSS 9.1 | AI score 9.3 | EPSS 0.02058
Exploits: 3 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-7362

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.07659
Exploits: 2 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-7361

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.01868
Exploits: 2 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-7363

Malware in sbrugna...

CVSS 9.1 | AI score 9.3 | EPSS 0.02505
Exploits: 2 | References: 4

VulnCheck KEV
added 2024/05/10 12:00 a.m. | 3 views

VulnCheck KEV: CVE-2020-23814

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.java file...

CVSS 6.1 | AI score 6.4 | EPSS 0.01188
Exploits: 1 | References: 1

CNVD
added 2020/09/04 12:00 a.m. | 4 views

xxl-job cross-site scripting vulnerability

xxl-job is a distributed task scheduling platform with core design goals of rapid development, simple learning, lightweight, and easy scalability. xxl-job 2.2.0 suffers from a cross-site scripting vulnerability that can be exploited to inject arbitrary Web script or HTML via the AppName and...

CVSS 6.1 | AI score 6 | EPSS 0.01188
Exploits: 1 | References: 1

Positive Technologies
added 2020/09/03 12:00 a.m. | 4 views

PT-2020-15584

Name of the Vulnerable Software and Affected Versions: xxl-job version 2.2.0 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the AppName and AddressList parameters in the...

CVSS 6.1 | AI score 6.1 | EPSS 0.01188
Exploits: 1 | References: 7

NVD
added 2018/09/07 10:29 p.m. | 18 views

CVE-2018-15485

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03...

CVSS 9.1 | AI score 9.4 | EPSS 0.02505
Exploits: 2 | References: 2

NVD
added 2018/09/07 10:29 p.m. | 17 views

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

CVSS 9.1 | AI score 9.3 | EPSS 0.02058
Exploits: 3 | References: 2

OSV
added 2018/09/07 10:29 p.m. | 1 view

CVE-2018-15484

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

OSV
added 2018/09/07 10:29 p.m. | 4 views

CVE-2018-15483

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

CVSS 7.5 | AI score 5.8 | EPSS 0.01868
Exploits: 2 | References: 2

NVD
added 2018/09/07 10:29 p.m. | 23 views

CVE-2018-15483

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

CVSS 7.8 | AI score 7.6 | EPSS 0.01868
Exploits: 2 | References: 2

NVD
added 2018/09/07 10:29 p.m. | 21 views

CVE-2018-15484

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

CVSS 10 | AI score 9.8 | EPSS 0.07659
Exploits: 2 | References: 2

OSV
added 2018/09/07 10:29 p.m. | 2 views

CVE-2018-15485

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03...

CVSS 9.1 | AI score 5.8 | EPSS 0.02505
Exploits: 2 | References: 2

OSV
added 2018/09/07 10:29 p.m. | 3 views

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

CVSS 9.1 | AI score 5.8 | EPSS 0.02058
Exploits: 3 | References: 2

Prion
added 2018/09/07 10:29 p.m. | 13 views

Open redirect

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04...

CVSS 7.8 | AI score 7.6 | EPSS 0.01868
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2018/09/07 10:29 p.m. | 18 views

Remote code execution

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01...

CVSS 10 | AI score 9.7 | EPSS 0.07659
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2018/09/07 10:29 p.m. | 13 views

Authentication flaw

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03...

CVSS 6.4 | AI score 9.3 | EPSS 0.02505
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2018/09/07 10:29 p.m. | 18 views

Open redirect

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

CVSS 6.4 | AI score 9.2 | EPSS 0.02058
Exploits: 3 | References: 2 | Affected Software: 1