20 matches found

CNNVD
added 2025/12/19 12:0 a.m. | 13 views

Foxit PDF Editor Security Vulnerability

Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor that stems from improperly cleaned input in the predefined text function, which could lead to stored cross-site scripting...

CVSS 6.3 | AI score 6.1 | EPSS 0.0015
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-4971

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.6 | EPSS 0.00502
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2024-2599

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 17 views

EUVD-2021-28347

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.05881
Exploits: 4 | References: 3
RedhatCVE
added 2025/08/04 9:33 a.m. | 4 views

CVE-2025-6078

Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note...

CVSS 5.4 | AI score 5.7 | EPSS 0.00343
Exploits: 0 | References: 1
CVE
added 2025/07/31 2:56 p.m. | 15 views

CVE-2013-10034

CVE-2013-10034 affects Kaseya KServer versions prior to 6.3.0.2. The vulnerability is an unrestricted file upload via the vulnerable uploadImage.asp endpoint, allowing unauthenticated upload of files to arbitrary paths through a crafted filename in a multipart/form-data POST. A file with an .asp ...

CVSS 9.3 | AI score 8.3 | EPSS 0.02289
Exploits: 0 | References: 4
NVD
added 2025/06/26 4:15 p.m. | 5 views

CVE-2025-34047

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...

CVSS 8.7 | EPSS 0.00462
Exploits: 0 | References: 4
Cvelist
added 2025/06/26 4:10 p.m. | 8 views

CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...

CVSS 8.7 | EPSS 0.00462
Exploits: 0 | References: 4
CNNVD
added 2025/06/14 12:0 a.m. | 1 views

WordPress plugin YITH WooCommerce Wishlist Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/23 1:47 a.m. | 9 views

CVE-2023-20114

A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability b...

CVSS 6.5 | AI score 7 | EPSS 0.00505
Exploits: 0 | References: 1
CVE
added 2025/05/13 9:38 a.m. | 39 views

CVE-2025-33024

CVE-2025-33024 affects RUGGEDCOM ROX MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, and RX5000 (all versions before V2.16.5). The tcpdump tool in the devices’ web interface is vulnerable due to missing server-side input sanitization, allowing an authenticated remote attacker to ex...

CVSS 9.9 | AI score 8.2 | EPSS 0.01168
Exploits: 0 | References: 1
OpenVAS
added 2025/03/20 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-7355-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9 | AI score 7.1 | EPSS 0.00768
Exploits: 1 | References: 2
OSV
added 2022/12/21 11:15 p.m. | 3 views

CVE-2022-3183

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2019/06/18 2:0 p.m. | 58 views

CVE-2018-18879

CVE-2018-18879 concerns the Columbia Weather MicroServer firmware (MS_2.6.9900 and earlier) where an authenticated web user can pipe commands directly to the underlying OS because input in networkdiags.php is not sanitized. This is a code injection vulnerability with a CVSS v3 base score of 9.8 (...

CVSS 8.8 | AI score 8.6 | EPSS 0.0205
Exploits: 0 | References: 2 | Affected Software: 1
Gentoo Linux
added 2010/06/02 12:0 a.m. | 36 views

Smarty: Multiple vulnerabilities

Background: Smarty is a template engine for PHP. Description: Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regexreplace.php plug-in contains an input sanitation flaw related to the ASCII NUL character (CVE-2008-1066). The vendor reported that the...

CVSS 10 | AI score 8.3 | EPSS 0.14117
Exploits: 1
exploitpack
added 2005/11/24 12:0 a.m. | 7 views

SoftBiz Web Hosting Directory Script 1.1 - review.php?sbres_id SQL Injection

SoftBiz Web Hosting Directory Script 1.1 - review.php?sbresid SQL Injection source: https://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplie...

AI score 8.6
Exploits: 0
exploitpack
added 2005/03/23 12:0 a.m. | 22 views

Vortex Portal 2.0 - content.php?act Remote File Inclusion

Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is...

AI score 0.2
Exploits: 0
securityvulns
added 2004/12/02 12:0 a.m. | 26 views

[SA13357] Serendipity "searchTerm" Cross-Site Scripting Vulnerability

TITLE: Serendipity "searchTerm" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA13357 VERIFY ADVISORY: http://secunia.com/advisories/13357/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Serendipity 0.x http://secunia.com/product/3969/ DESCRIPTION:...

AI score 0.5
Exploits: 0
exploitpack
added 2004/09/05 12:0 a.m. | 14 views

PSNews 1.1 - No Cross-Site Scripting

PSNews 1.1 - No Cross-Site Scripting source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2004/08/09 12:0 a.m. | 24 views

CVSTrac filediff Arbitrary Remote Code Execution

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. Nessus has determined the vulnerability...

CVSS 7.5 | AI score 5.6 | EPSS 0.13991
Exploits: 1 | References: 5