Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 7:51 a.m.7 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 3:31 a.m.7 views

EUVD-2026-9358

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/04 2:15 a.m.4 views

CVE-2026-3240 Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 2:15 a.m.6 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/04 2:15 a.m.35 views

CVE-2026-3240 Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS0.00212EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

OpenMetadata 安全漏洞

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage library, deep lineage, and seamless team collaboration. There were security vulnerabilities in versions of OpenMetadata prior to 1.11.8. These vulnerabilities stemmed from...

7.6CVSS7.1AI score0.00331EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2021-11037

Malware in sbrugna...

7.2CVSS7AI score0.01647EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51182

Malicious code in bioql PyPI...

8.4CVSS6.6AI score0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.9 views

CVE-2021-24123

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images such as the ones from Podcast Artwork section, allowing high privilege accounts admin+ being able to upload arbitrary files, such as php, leading to RCE...

7.2CVSS7AI score0.01647EPSS
Exploits2References1
Microsoft Secure
Microsoft Secure
added 2025/04/09 4:0 p.m.14 views

How cyberattackers exploit domain controllers using ransomware

In recent years, human-operated cyberattacks have undergone a dramatic transformation. These attacks, once characterized by sporadic and opportunistic attacks, have evolved into highly sophisticated, targeted campaigns aimed at causing maximum damage to organizations, with the average cost of a...

8.2AI score
Exploits0
NVD
NVD
added 2024/12/23 11:15 a.m.12 views

CVE-2024-12902

ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default...

8.4CVSS0.00166EPSS
Exploits0References2
OSV
OSV
added 2022/03/30 8:15 p.m.4 views

CVE-2021-45031

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...

7.7CVSS5.8AI score0.0075EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.6 views

PT-2022-15016 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect...

8.8CVSS6.6AI score0.97795EPSS
Exploits15References46
The Hacker News
The Hacker News
added 2021/04/06 1:43 p.m.5 views

Watch Out! Mission Critical SAP Applications Are Under Active Attack

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common securit...

10CVSS8AI score0.94719EPSS
Exploits6
NVD
NVD
added 2021/03/18 3:15 p.m.15 views

CVE-2021-24123

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images such as the ones from Podcast Artwork section, allowing high privilege accounts admin+ being able to upload arbitrary files, such as php, leading to RCE...

7.2CVSS0.01647EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2020/06/02 12:0 a.m.6 views

The vulnerabilities of Cisco Firepower Management Center’s network management software, related to the rigid encoding of registration data, allow attackers to gain full access to the system.

The vulnerability of Cisco Firepower Management Center’s network management software is related to the rigid coding of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to gain full access to the system using a high-privilege account...

10CVSS7.5AI score0.00959EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/04/16 12:0 a.m.2 views

Microsoft Windows Media Foundation Buffer Overflow Vulnerability (CNVD-2020-26243)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Media Foundation is one of the multimedia application libraries. A buffer overflow...

9.3CVSS7.1AI score0.05037EPSS
Exploits0References1
Rows per page
Query Builder