54814 matches found

Vulnrichment
added 2025/12/22 12:0 a.m. | 2 views

CVE-2025-67291

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

AI score: 5.2 | EPSS: 0.00185
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/22 12:0 a.m. | 5 views

PT-2025-52668

Name of the Vulnerable Software and Affected Versions: Frappe Framework version 15.89.0. Description: A flaw exists within the Attachments module that permits arbitrary file uploads. Successful exploitation, involving the upload of a specially crafted XML file, could lead to the execution of arbitra...

CVSS: 9.6 | AI score: 6.8 | EPSS: 0.00437
Exploits: 1 | References: 13

Positive Technologies
added 2025/12/22 12:0 a.m. | 7 views

PT-2025-52685

Name of the Vulnerable Software and Affected Versions: Piranha CMS version 12.1. Description: A stored cross-site scripting (XSS) issue exists in the Media module. An attacker can inject a crafted payload into the Name field to execute arbitrary web scripts or HTML. Recommendations: At the moment, ther...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00185
Exploits: 1 | References: 7

Vulnrichment
added 2025/12/22 12:0 a.m. | 3 views

CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...

AI score: 7.5 | EPSS: 0.00437
Exploits: 1 | References: 3

Tenable Nessus
added 2025/12/22 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-68332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver c6xdigio seems to be for a parallel port connected device. When the Comedi...

AI score: 5.8 | EPSS: 0.0018
Exploits: 0 | References: 2

Cvelist
added 2025/12/21 2:20 a.m. | 21 views

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...

CVSS: 7.5 | EPSS: 0.0056
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/21 2:20 a.m. | 4 views

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.0056
Exploits: 0 | References: 5

CNNVD
added 2025/12/21 12:0 a.m. | 3 views

CampCodes Complete Online Beauty Parlor Management System SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00326
Exploits: 1 | References: 6

OSV
added 2025/12/20 9:3 a.m. | 10 views

RLSA-2023:5362 Important: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18. BZ2234409 Security Fixes: nodejs: Permissions policies can be bypassed via...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.02761
Exploits: 2 | References: 5

Rockylinux
added 2025/12/20 9:3 a.m. | 4 views

nodejs:18 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.02761
Exploits: 2

OSV
added 2025/12/20 9:3 a.m. | 13 views

RLSA-2023:5360 Important: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. BZ2233891 Security Fixes: nodejs: Permissions policies can be bypassed via...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.02761
Exploits: 2 | References: 5

IBM Security Bulletins
added 2025/12/19 4:34 a.m. | 5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Incomplete Filtering of One or More Instances of Special Elements due to node module validator (CVE-2025-12758)

Summary: IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to Incomplete Filtering of One or More Instances of Special Elements due to node module validator. Vulnerability Details...

CVSS: 8.7 | AI score: 6.8 | EPSS: 0.00454
Exploits: 2 | Affected Software: 1

EUVD
added 2025/12/19 3:31 a.m. | 4 views

EUVD-2025-204433

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00303
Exploits: 1 | References: 6

OSV
added 2025/12/19 1:16 a.m. | 6 views

CVE-2025-14908

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...

CVSS: 8.1 | AI score: 6.7
Exploits: 0 | References: 5

Cvelist
added 2025/12/19 12:0 a.m. | 25 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

EPSS: 0.00367
Exploits: 1 | References: 3

CVE
added 2025/12/18 7:57 p.m. | 11 views

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

CVSS: 8.4 | AI score: 7.5 | EPSS: 0.00166
Exploits: 0 | References: 3

Cvelist
added 2025/12/18 7:57 p.m. | 19 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the fil...

CVSS: 8.4 | EPSS: 0.00166
Exploits: 0 | References: 3

NVD
added 2025/12/18 7:16 p.m. | 3 views

CVE-2025-14885

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS: 8.8 | EPSS: 0.00299
Exploits: 1 | References: 5

OSV
added 2025/12/18 7:16 p.m. | 3 views

CVE-2025-14885

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00299
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/18 6:32 p.m. | 3 views

CVE-2025-14885 SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00299
Exploits: 1 | References: 5