Lucene search
K

330 matches found

CVE
CVE
added 2026/02/01 12:15 p.m.23 views

CVE-2021-47917

CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...

6.4CVSS5.9AI score0.00289EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.9 views

Apache Linkis security vulnerabilities

Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis prior to 1.7.0 contain security vulnerabilities. These vulnerabilities stem from...

6.5CVSS5.8AI score0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/13 2:31 p.m.5 views

CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...

8.4CVSS7.7AI score0.25389EPSS
Exploits0References4
CVE
CVE
added 2026/01/13 2:26 p.m.23 views

CVE-2025-13444

The CVE-2025-13444 family concerns OS Command Injection / Remote Code Execution in Progress Software Kemp LoadMaster. Connected ZDI advisories detail multiple command-injection flaws in LoadMaster commands (delapikey, getcipherset, listapikeys, delcert, addapikey) where unsanitized user data is p...

8.4CVSS7.7AI score0.25389EPSS
Exploits0References4Affected Software5
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.11 views

CVE-2018-18325

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

7.5CVSS6.8AI score0.74048EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.19 views

CVE-2020-12487

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege...

7CVSS7.2AI score0.00266EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/01/08 3:23 p.m.7 views

CVE-2025-67858

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

7CVSS5.3AI score0.00171EPSS
Exploits0
NVD
NVD
added 2025/12/23 8:15 p.m.5 views

CVE-2021-47716

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...

5.4CVSS0.00194EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/23 7:35 p.m.2 views

CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...

5.4CVSS6.3AI score0.00194EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:35 p.m.11 views

CVE-2021-47716

Orangescrum 1.8.0 is affected by multiple cross-site scripting (XSS) vulnerabilities exposed via authenticated endpoints. The issue arises from insufficient validation of inputs such as projid, CS_message, and name, allowing an attacker to inject arbitrary JavaScript into victims’ browsers by sub...

5.4CVSS6.3AI score0.00194EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.6 views

PT-2025-52828

Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0 Description The application has multiple cross-site scripting issues that permit authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters such as projid, C...

5.4CVSS6.5AI score0.00194EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unvalidated user queue input parameters...

6.2AI score0.00183EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/03 7:46 p.m.4 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via exposed input parameters. An administrator can execute arbitrary JavaScript code in the context of the user's...

6.1CVSS5.5AI score0.0022EPSS
Exploits1References2
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23555)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 12:37 p.m.8 views

CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

8.1CVSS0.00379EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-8877

Malware in sbrugna...

9.8CVSS9.4AI score0.03596EPSS
Exploits4References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-9317

Malware in sbrugna...

9.9CVSS9.2AI score0.04383EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-8102

Malware in sbrugna...

5.4CVSS5.5AI score0.00619EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-1926

Malware in sbrugna...

9.3CVSS6.1AI score0.10263EPSS
Exploits1References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-1079

Malware in sbrugna...

7.5CVSS6.4AI score0.03754EPSS
Exploits1References8
Rows per page
Query Builder