Lucene search
K

481 matches found

Vulnrichment
Vulnrichment
added 2025/11/05 4:32 p.m.3 views

CVE-2025-20289

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

4.8CVSS6.5AI score0.00196EPSS
Exploits0References1
OSV
OSV
added 2025/11/05 3:15 p.m.4 views

CVE-2025-3125

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...

7.2CVSS8.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.5 views

PT-2025-45125

Name of the Vulnerable Software and Affected Versions Cisco ISE and Cisco ISE-PIC affected versions not specified Description The web-based management interface of Cisco ISE and Cisco ISE-PIC contains weaknesses that could allow an authenticated, remote attacker to perform a reflected Cross-Site...

5.4CVSS6.3AI score0.03521EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/04 11:7 p.m.13 views

CVE-2021-47698

Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting XSS via the Core UI’s Views URL handling escapestring. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...

5.4CVSS6.2AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.6 views

CVE-2023-7313

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.2AI score0.0044EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 9:52 p.m.2 views

CVE-2023-7315 Nagios XI < 5.11.3 XSS via Graph Explorer

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.8AI score0.00468EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/24 12:0 a.m.2 views

CVE-2025-60938

Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baudrate,...

8.3AI score0.00556EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.10 views

PT-2025-43628

Name of the Vulnerable Software and Affected Versions Emoncms version 11.7.3 Description Emoncms version 11.7.3 contains a remote code execution issue in the firmware upload functionality. Authenticated users can execute arbitrary commands on the system. This is due to inadequate validation of...

7.5CVSS8.4AI score0.00556EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/13 6:32 a.m.5 views

EUVD-2025-33963

HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc...

3.5CVSS7.2AI score0.0051EPSS
Exploits0References2
CVE
CVE
added 2025/10/13 4:58 a.m.15 views

CVE-2025-31995

The CVE-2025-31995 entry concerns HCL Unica MaxAI Workbench, with the root cause identified as improper input validation. Multiple connected sources (Red Hat, EU ENISA, NVD, CVE lists, and security vendors) confirm that this vulnerability could enable SQL injection, cross-site scripting (XSS), or...

3.5CVSS7.4AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 5:35 p.m.5 views

CVE-2025-36354

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...

7.3CVSS7.5AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-14244

Malware in sbrugna...

4.3CVSS5.2AI score0.00736EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-39277

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00696EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-31088

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.05805EPSS
Exploits4References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-41404

Malicious code in bioql PyPI...

8.4CVSS6.6AI score0.00311EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28897

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00193EPSS
Exploits0References2
Redos
Redos
added 2025/10/02 12:0 a.m.4 views

ROS-20251002-01

A vulnerability in the Privoxy proxy server with advanced web content filtering functions is related to insufficient validation of user data in the "processencryptedrequestheaders" function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...

7.5CVSS6.2AI score0.01393EPSS
Exploits0
Cvelist
Cvelist
added 2025/09/29 10:29 p.m.29 views

CVE-2025-36245 IBM InfoSphere Information Server command execution

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

8.8CVSS0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/26 4:51 p.m.4 views

CVE-2025-20363

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance ASA Software, Cisco Secure Firewall Threat Defense FTD Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker Cisco ASA and FTD Software...

9CVSS7.5AI score0.0752EPSS
Exploits0References1
EUVD
EUVD
added 2025/09/10 7:48 p.m.16 views

EUVD-2025-27608

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation...

9.8CVSS6.8AI score0.10543EPSS
Exploits7References8
Rows per page
Query Builder