Lucene search
+L

316 matches found

Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24520

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Foreman 信息泄露漏洞

Foreman is a set of open-source tools developed by Foreman for lifecycle management in physical and virtual servers. This tool provides functions such as service activation, configuration management, and reporting status. Foreman has a vulnerability related to information leakage, which stems fro...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References7
NVD
NVD
added 2026/02/26 3:16 a.m.7 views

CVE-2026-27465

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

6.5CVSS0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.9 views

PT-2026-22117

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

9.9CVSS6.9AI score0.22162EPSS
Exploits70References140
Cvelist
Cvelist
added 2026/02/24 12:52 p.m.20 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS0.004EPSS
Exploits0References1
NCSC
NCSC
added 2026/02/23 2:27 p.m.60 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

6.8CVSS8.4AI score0.05145EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.14 views

PT-2026-20882

Name of the Vulnerable Software and Affected Versions Spring Data Geode affected versions not specified Description The software has a flaw related to insecure directory usage during snapshot imports. Specifically, archives are extracted into predictable and overly permissive directories within t...

4.8CVSS5.2AI score0.00097EPSS
Exploits0References5
NVD
NVD
added 2026/02/05 7:16 a.m.12 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

8.2CVSS0.00422EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Weintek cMT security vulnerabilities

Weintek cMT is a human-computer interface application developed by Weintek Corporation. There is a security vulnerability in Weintek cMT. This vulnerability stems from the insufficient validation of inputs that are assumed to be immutable but are actually externally controllable. This could allow...

8.7CVSS5.8AI score0.00315EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 12:18 a.m.6 views

CVE-2025-65784

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...

6.5CVSS6.4AI score0.00306EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.10 views

PT-2026-2486

Name of the Vulnerable Software and Affected Versions Hubert Imoveis e Administracao Ltda Hub v2.0 version 1.27.3 Description The software contains insecure permissions that allow authenticated attackers with low-level privileges to access other users' information through a specially crafted API...

6.5CVSS5.4AI score0.00306EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.7 views

CVE-2021-2380

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...

7.6CVSS6.2AI score0.0069EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 10:15 p.m.14 views

CVE-2025-12838

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.3CVSS0.00147EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/11 12:0 a.m.6 views

(0Day) Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration o...

7.8CVSS7.5AI score0.00138EPSS
Exploits0
NVD
NVD
added 2025/12/10 7:16 p.m.5 views

CVE-2025-64557

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 6:23 p.m.4 views

CVE-2025-64604 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.1AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/03 5:0 p.m.20 views

CVE-2025-20383 Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...

4.3CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/01 9:46 p.m.11 views

CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...

4.3CVSS0.00258EPSS
Exploits1References2
OSV
OSV
added 2025/12/01 9:46 p.m.7 views

CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...

4.3CVSS6.5AI score0.00258EPSS
Exploits1References4
CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65238

OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...

6.5CVSS6.4AI score0.00299EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder