Lucene search
+L

136 matches found

Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.10 views

PT-2024-28408 · Simpcms · Simpcms

Name of the Vulnerable Software and Affected Versions: SimpCMS version 0.1 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at the "/admin.php" API endpoint. Recommendations: For...

5.4CVSS6AI score0.00743EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.11 views

PT-2024-37650 · Playsms · Playsms

Name of the Vulnerable Software and Affected Versions: playSMS version 1.4.3 Description: A vulnerability was found in the Template Handler component, specifically in the file /index.php?app=main&inc=feature firewall&op=firewall list. The manipulation of the id argument leads to injection. The...

8.8CVSS7.5AI score0.00736EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.5 views

PT-2024-28370 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/userSys deal.php?mudi=infoSet". This allows for potential unauthorized actions on the affected system. Recommendations: For idccm...

8.8CVSS6.7AI score0.00296EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.9 views

PT-2024-28271 · H3C · H3C Magic R230

Name of the Vulnerable Software and Affected Versions: H3C Magic R230 version V100R002 Description: The issue allows attackers to execute arbitrary commands due to the udpserver opening port 9034. Recommendations: For H3C Magic R230 version V100R002, consider restricting access to port 9034 as a...

4.1CVSS8.2AI score0.00413EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.19 views

PT-2024-4141 · D Link · D-Link Wireless Routers

Name of the Vulnerable Software and Affected Versions: D-Link wireless routers affected versions not specified Description: The issue is related to an undisclosed factory testing backdoor in certain models of D-Link wireless routers. This backdoor allows unauthenticated attackers on the local are...

8.8CVSS7AI score0.06307EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.5 views

PT-2024-27688 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6165 20211012 Description: The issue is related to a stack overflow that occurs via the ssid in the setWiFiGuestCfg function. This allows for potential exploitation. No information is provided about the estimate...

8.8CVSS7.4AI score0.00615EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.9 views

PT-2024-24913 · Unknown · Skybridge Basic Mb-A130 +1

Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A100/MB-A110 versions 4.2.2 and earlier SkyBridge BASIC MB-A130 versions 1.5.5 and earlier Description: The issue is related to improper neutralization of special elements used in a command, also known as 'Command Injection'. Thi...

9.8CVSS7.7AI score0.01207EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.6 views

PT-2024-19664

Name of the Vulnerable Software and Affected Versions Apfloat version 1.10.1 Description A NullPointerException was discovered in Apfloat via the component org.apfloat.internal.DoubleScramble::scrambledouble, int, int. However, the existence of this issue is disputed by multiple third parties due...

7.5CVSS5.8AI score0.00528EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.5 views

PT-2024-23532 · Tenda · Tenda Fh1205

Name of the Vulnerable Software and Affected Versions: Tenda FH1205 version 2.0.0.7775 Description: The issue is a stack overflow vulnerability in the page parameter from the fromAddressNat function. Recommendations: For Tenda FH1205 version 2.0.0.7775, as a temporary workaround, consider...

9.8CVSS7.3AI score0.00807EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.4 views

PT-2024-22434 · Twenty · Twenty

Name of the Vulnerable Software and Affected Versions: Twenty version 0.3.0 Description: The CRM platform is vulnerable to stored cross-site scripting via file upload. A crafted svg file can trigger the execution of the javascript code. Recommendations: For version 0.3.0, consider disabling the...

7.6CVSS6.3AI score0.00674EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.20 views

PT-2024-23100

Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2 Description The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send ...

9.8CVSS5.6AI score0.00825EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.9 views

PT-2024-22388 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev921-g422b78ecf-master Description: The issue is related to an out of boundary write vulnerability via the swf get string function at scene manager/swf parse.c:325. This vulnerability can be exploited by a remote attack...

7.1CVSS7.5AI score0.00528EPSS
Exploits2References14
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.5 views

PT-2024-22458 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: The issue is a stack overflow vulnerability in the fromAddressNat function, specifically affecting the entrys parameter. Recommendations: For Tenda AC18 version 15.03.05.05, consider restricting...

9.8CVSS7.3AI score0.00775EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.4 views

PT-2024-18424 · Sourcecodester · Sourcecodester Online Job Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Job Portal version 1.0 Description: A vulnerability has been found in the Manage Job Page component, specifically in the file /Employer/ManageJob.php. The manipulation of the Qualification/Description argument leads to...

5.4CVSS4.2AI score0.00515EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.6 views

PT-2024-3899 · Sap · Sap Master Data Governance For Material

Name of the Vulnerable Software and Affected Versions: SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804 Description: The issue is related to the absence of a necessary authorization check for an authenticated user, resulting in escalation of...

4.3CVSS7AI score0.00319EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/02/02 12:0 a.m.7 views

PT-2024-17346 · South River · South River Webdrive

Name of the Vulnerable Software and Affected Versions: South River WebDrive version 18.00.5057 Description: A vulnerability was found in the New Secure WebDAV component, which can lead to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the...

5.5CVSS7AI score0.00366EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.6 views

PT-2024-20366 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the desc parameter in the setWiFiAclRules function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...

9.8CVSS9.6AI score0.01702EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.5 views

PT-2024-1820 · Unknown · Schlix Cms

Name of the Vulnerable Software and Affected Versions: Schlix CMS version 2.2.8-1 Description: The issue is related to an arbitrary file upload vulnerability in the core.mediamanager component of Schlix CMS, which allows remote authenticated attackers to execute arbitrary code and obtain sensitiv...

8.3CVSS7.3AI score0.01158EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.3 views

PT-2024-19481 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to Cross Site Scripting XSS in the email settings of the website settings section. This allows for potential malicious script injection. Recommendations: For FlyCms version 1.0, as a...

5.4CVSS5.2AI score0.00379EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.11 views

PT-2023-32925 · Unknown · Campcodes Online College Library System

Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical vulnerability was found in the Campcodes Online College Library System. The issue affects an unknown function of the file /admin/category row.php of the component HTT...

8.8CVSS5.5AI score0.00733EPSS
Exploits1References8
Rows per page
Query Builder