Lucene search
+L

1582 matches found

CVE
CVE
added 2025/03/18 11:20 a.m.51 views

CVE-2025-2493

CVE-2025-2493 describes a path traversal vulnerability in Softdial Contact Center (Sytel Ltd.). The flaw arises from insufficient validation of the id parameter in the /softdial/scheduler/load.php endpoint, allowing an attacker to navigate outside the intended directory and potentially access sen...

8.7CVSS6.4AI score0.00501EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2025/02/15 12:0 a.m.211 views

ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vulnerability

ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...

6.9CVSS7AI score0.02366EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/02/14 12:0 a.m.273 views

ABB Cylon FLXeon 9.3.4 Unauthenticated Dashboard Access

ABB Cylon FLXeon version 9.3.4 allows unauthenticated access to the Building Management System BMS or Building Automation System BAS dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate...

7.3AI score
Exploits0
0day.today
0day.today
added 2025/02/09 12:0 a.m.148 views

ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability

ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:46 p.m.10 views

CVE-2024-43145

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61...

8.8CVSS7.5AI score0.00441EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:24 p.m.8 views

CVE-2024-52440

Deserialization of Untrusted Data vulnerability in xpresslane Xpresslane Fast Checkout xpresslane-integration-for-woocommerce allows Object Injection.This issue affects Xpresslane Fast Checkout: from n/a through = 1.0.0...

9.8CVSS7.2AI score0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:3 p.m.13 views

CVE-2024-7358

A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure...

8.5CVSS6.7AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:13 a.m.6 views

CVE-2024-29129

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4...

7.1CVSS8.6AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/02/03 3:15 p.m.22 views

CVE-2025-24643

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through = 1.1.0...

6.5CVSS0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/03 2:22 p.m.39 views

CVE-2025-24643 WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through = 1.1.0...

6.5CVSS0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/03 2:22 p.m.17 views

CVE-2025-23591 WordPress blu Logistics plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through = 1.0.0...

7.1CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 2025/02/03 10:21 a.m.158 views

CVE-2025-0015

CVE-2025-0015 describes a Use-After-Free vulnerability in ARM Mali Valhall GPU Kernel Driver and ARM 5th Gen GPU Architecture Kernel Driver. A local, non-privileged user can perform improper GPU processing operations to gain access to memory that has already been freed. Affected versions include ...

7.8CVSS6.6AI score0.00163EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/02/03 10:21 a.m.11 views

CVE-2025-0015 Mali GPU Kernel Driver allows improper GPU processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48...

7AI score0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/03 10:18 a.m.4 views

CVE-2024-6790 Mali GPU Kernel Driver can cause the whole system to become unresponsive

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL o...

6.8AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/27 12:0 a.m.6 views

CVE-2024-56968

An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload...

6AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2025/01/24 6:15 p.m.5 views

CVE-2025-24673

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...

6.5CVSS0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/24 5:24 p.m.17 views

CVE-2025-24673 WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...

6.5CVSS0.00334EPSS
Exploits0References1
CVE
CVE
added 2025/01/22 2:29 p.m.43 views

CVE-2025-23701

CVE-2025-23701 describes a Reflected XSS in Lime Developer Login (Lime Developer Login by LimeSquare Pty Ltd) caused by improper neutralization of input during web page generation. Affected: Lime Developer Login, version range v1.0 through v1.4.0 (as stated). The Red Hat CVE record confirms the s...

7.1CVSS7.2AI score0.0036EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 9:15 p.m.16 views

CVE-2025-23899

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookalet Bookalet bookalet allows Stored XSS.This issue affects Bookalet: from n/a through = 1.0.3...

6.5CVSS0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/16 8:7 p.m.5 views

CVE-2025-23899 WordPress Bookalet plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookalet Bookalet bookalet allows Stored XSS.This issue affects Bookalet: from n/a through = 1.0.3...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
Rows per page
Query Builder