
7 matches found

Positive Technologies
added 2025/10/27 12:0 a.m., 2 views

PT-2025-43964

Name of the Vulnerable Software and Affected Versions: PingFederate (affected versions not specified). Description: A configuration issue in PingFederate’s HTML Form Adapter, specifically when operating in non-default redirectless mode, can lead to unexpected authentication form rendering. This allows...

AI score: 6.5, EPSS: 0.00042
Exploits: 0, References: 4
ATTACKERKB
added 2025/04/14 7:15 p.m., 2 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

CVSS: 9.9, AI score: 6, EPSS: 0.00194
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2025/04/14 6:41 p.m., 15 views

CVE-2025-1782 Unsanitized input in language form field

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

CVSS: 9.9, EPSS: 0.00194
Exploits: 0, References: 1
CVE
added 2025/04/14 6:41 p.m., 686 views

CVE-2025-1782

CVE-2025-1782 affects HylaFAX Enterprise Web Interface and AvantFAX. The vulnerability arises from an unsanitized language form element that can be abused to include an arbitrary file in PHP code, enabling an authenticated attacker to perform actions as the web server user. The available document...

CVSS: 9.9, AI score: 9.4, EPSS: 0.00194
Exploits: 0, References: 1
NVD
added 2009/12/21 4:30 p.m., 11 views

CVE-2009-4371

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in...

CVSS: 3.5, AI score: 5.5, EPSS: 0.00154
Exploits: 1, References: 3
UbuntuCve
added 2009/12/21 4:30 p.m., 22 views

CVE-2009-4371

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in...

CVSS: 3.5, AI score: 6, EPSS: 0.00154
Exploits: 1, References: 2
Prion
added 2009/12/21 4:30 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in...

CVSS: 3.5, AI score: 5.8, EPSS: 0.00154
Exploits: 1, References: 3, Affected Software: 1