CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/08/15 5:15 p.m.•3 views

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

9.1CVSS0.0028EPSS

Vulnrichment•added 2025/08/15 4:25 p.m.•3 views

CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role

9.1CVSS7.7AI score0.0028EPSS

Cvelist•added 2025/08/15 4:25 p.m.•6 views

CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role

9.1CVSS0.0028EPSS

CVE•added 2025/08/15 4:25 p.m.•18 views

CVE-2025-9060

CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...

9.1CVSS7.1AI score0.0028EPSS

CVE•added 2023/12/20 11:27 p.m.•40 views

CVE-2023-51390

CVE-2023-51390 relates to the journalpump daemon, where a logging issue causes the configuration of a service integration (including credentials, if present) to be logged in plaintext to the configured logging pipeline. The flaw allows exposure of sensitive configuration data due to verbose loggi...

7.5CVSS6.8AI score0.00077EPSS

CNVD•added 2021/12/09 12:0 a.m.•10 views

SquaredUp for SCOM Cross-Site Scripting Vulnerability (CNVD-2021-100392)

5.4CVSS2.1AI score0.00202EPSS

CNVD•added 2021/12/09 12:0 a.m.•16 views

SquaredUp for SCOM Cross-Site Scripting Vulnerability (CNVD-2021-100390)

A cross-site scripting vulnerability exists in the integration configuration of SquaredUp for SCOM version 5.2.1.6654, which could be exploited by remote attackers to inject arbitrary web script or HTML via an authorized URL in certain integration configurations. authorized URL in some integratio...

5.4CVSS2.6AI score0.00303EPSS

NVD•added 2021/12/07 1:15 p.m.•5 views

CVE-2021-40093

A cross-site scripting XSS vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions...

5.4CVSS0.00202EPSS

OSV•added 2021/12/07 1:15 p.m.•0 views

CVE-2021-40096

A cross-site scripting XSS vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations...

5.4CVSS6.1AI score0.00303EPSS

Prion•added 2021/12/07 1:15 p.m.•10 views

Cross site scripting

3.5CVSS5.3AI score0.00303EPSS

CVE•added 2021/12/07 12:58 p.m.•33 views

CVE-2021-40096

CVE-2021-40096 : SquaredUp for SCOM 5.2.1.6654 contains a cross-site scripting (XSS) issue in the integration configuration. The vulnerability allows remote attackers to inject arbitrary web script or HTML by modifying the authorisationUrl in some integration configurations. The description from ...

5.4CVSS5.3AI score0.00303EPSS

CVE•added 2021/12/07 12:48 p.m.•32 views

CVE-2021-40093

CVE-2021-40093 concerns a cross-site scripting (XSS) vulnerability in the integration configuration of SquaredUp for SCOM 5.2.1.6654 . The exposed issue allows remote attackers to inject arbitrary web script or HTML via dashboard actions. The available documents identify the affected product and ...

5.4CVSS5.3AI score0.00202EPSS

Cvelist•added 2021/12/07 12:48 p.m.•9 views

CVE-2021-40093

A cross-site scripting XSS vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions...

5.5AI score0.00202EPSS

CNNVD•added 2021/12/07 12:0 a.m.•1 views

Squaredup 跨站脚本漏洞

5.4CVSS5.4AI score0.00303EPSS

CNNVD•added 2021/12/07 12:0 a.m.•1 views

SquaredUp跨站脚本漏洞

5.4CVSS5.4AI score0.00202EPSS

Exploits0References3

Kitploit•added 2017/01/19 2:30 p.m.•11 views

Glue - Application Security Automation

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Recommended Usage For those wishing to run Glue, we recommend using the docker image because it should have the other tools it uses available already an...

7.5AI score