Lucene search
K

360 matches found

Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.10 views

PT-2026-21348

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...

8.2CVSS5.5AI score0.00354EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 1:43 p.m.3 views

CVE-2026-2464 Directory Traversal in AMR Printer Management by AMR

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...

8.7CVSS6AI score0.00631EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

HCL BigFix Compliance security vulnerabilities

HCL BigFix Compliance is a continuous monitoring and application terminal security setting implemented by HCL Company in India, aimed at ensuring compliance with regulations or organizational security policies. HCL BigFix Compliance has security vulnerabilities; these vulnerabilities stem from...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/26 3:10 p.m.8 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

9.4CVSS6AI score0.00413EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 12:0 a.m.16 views

CVE-2025-52024

CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...

9.4CVSS5.7AI score0.00413EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 2:59 p.m.4 views

CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

8.4CVSS5.4AI score0.001EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

WordPress plugin DK PDF code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5CVSS5.8AI score0.00242EPSS
Exploits0References5
OSV
OSV
added 2026/01/14 12:31 a.m.5 views

GHSA-R7VR-WG3F-8HR9 Concrete5 CMS contains an XPath injection vulnerability

Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...

9.8CVSS7.2AI score0.00049EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS7AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 10:51 p.m.25 views

CVE-2022-50807

...

0.00049EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.4 views

PT-2026-2364

Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3 Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract...

9.8CVSS6.8AI score0.00049EPSS
Exploits0References9
NVD
NVD
added 2026/01/10 3:15 a.m.5 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS0.00265EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/10 2:57 a.m.3 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 2:57 a.m.8 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.8 views

PT-2026-2219

Name of the Vulnerable Software and Affected Versions Ghost versions 5.38.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in Ghost’s media inliner mechanism enables staff users with a valid authentication token for the Ghost...

5.1CVSS6.6AI score0.00265EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.4 views

CVE-2021-22229

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...

7.5CVSS6.8AI score0.01084EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.8 views

CVE-2024-41777

IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

7.5CVSS6.8AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin Prime Slider 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

4.3CVSS6.6AI score0.00279EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 7:30 a.m.15 views

CVE-2025-13596

The vulnerability CVE-2025-13596 affects ATISoluciones CIGES Application (version 2.15.6 and earlier). The root cause is improper error handling: unhandled exceptions lead to detailed error messages and stack traces being returned to clients, exposing internal filesystem paths, SQL queries, datab...

6.9CVSS6.6AI score0.00334EPSS
Exploits0References1
OSV
OSV
added 2025/11/20 3:17 p.m.7 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.5CVSS6.6AI score
Exploits0References1
Rows per page
Query Builder