Lucene search
K

220 matches found

Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.6 views

PT-2025-35922

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.13 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/cycle endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:44 a.m.11 views

CVE-2024-21666

The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

6.5CVSS6.3AI score0.00564EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:36 a.m.8 views

CVE-2024-20947

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.4CVSS6AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.7 views

CVE-2024-51764

A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...

5.5CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.7 views

CVE-2023-36814

Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...

7.5CVSS7.1AI score0.00723EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.18 views

CVE-2023-32075

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3CVSS6.7AI score0.00763EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.4 views

CVE-2021-2093

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

8.2CVSS6.5AI score0.01169EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.3 views

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 13.0.0 and earlier, which stems from allowing cross-site scripting attacks...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/17 9:14 p.m.17 views

CVE-2025-30716

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

7.5CVSS6.7AI score0.006EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2025/03/03 5:0 p.m.9 views

How Qualys Policy Compliance Helps You Adopt NIST AI RMF 1.0

Artificial Intelligence AI technologies are reshaping industries at an unprecedented pace. But while these technologies present incredible opportunities for innovation, they also pose unique risks. AI systems are no longer just futuristic concepts; they are actively influencing business decisions...

7.7AI score
Exploits0
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

cool-admin-java 代码问题漏洞

cool-admin-java is a backend privilege management framework for COOL individual developers. A code issue vulnerability exists in cool-admin-java v1.0. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted files...

7.2CVSS7.7AI score0.00838EPSS
Exploits1References2
Veracode
Veracode
added 2025/01/31 5:12 a.m.10 views

SQL Injection

pimcore/customer-management-framework-bundle is vulnerable to SQL injection. The vulnerability is due to improper handling of the filterDefinition/filter argument in the file /admin/customermanagementframework/customers/list, which allows execution of SQL commands...

7.2CVSS7.7AI score0.00824EPSS
Exploits2References7Affected Software1
Debian CVE
Debian CVE
added 2025/01/27 5:6 p.m.16 views

CVE-2025-22604

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ssnetsnmpdiskio or ssnetsnmpdiskbytes, a part of each OID will be used as a key in an array that is...

9.1CVSS9AI score0.0529EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/01/27 3:46 p.m.10 views

CVE-2024-45598

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in either Installation Step 5 or in Configuration-Settings-Paths tab to a local file inside the server. Then simply going to Logs tab and...

6CVSS6.4AI score0.02942EPSS
Exploits1References3
NVD
NVD
added 2024/11/15 10:15 p.m.14 views

CVE-2024-51764

A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...

5.5CVSS0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/15 9:32 p.m.20 views

CVE-2024-51764

A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...

0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/15 9:32 p.m.10 views

CVE-2024-51764

A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...

6.9AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Hewlett Packard Enterprise Data Management Framework 安全漏洞

Hewlett Packard Enterprise Data Management Framework HPE DMF is a data management framework from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise Data Management Framework that stems from vulnerability to unauthorized access locally or in a cluster...

5.5CVSS6.7AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2024/09/10 5:7 p.m.21 views

CGA-RM26-RMF3-QJQC

Bulletin has no description...

7.5CVSS8.2AI score0.01127EPSS
Exploits0
Rows per page
Query Builder