Lucene search
K

143 matches found

RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.6 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.7AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.4 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS6.5AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.3 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS6.2AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.4 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS7AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.3 views

CVE-2025-60917

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS6.2AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 6:31 p.m.3 views

EUVD-2025-198895

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS5.8AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.4 views

EUVD-2025-198896

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS6.6AI score0.00387EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.3 views

EUVD-2025-198892

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.8 views

EUVD-2025-198803

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.2AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.5 views

EUVD-2025-198802

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS6AI score0.0016EPSS
Exploits0References3
NVD
NVD
added 2025/11/24 4:15 p.m.5 views

CVE-2025-60917

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS0.00189EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.6 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.5 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS0.0016EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.5 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS0.00387EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 4:15 p.m.7 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2025/11/24 12:0 a.m.4 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS6.2AI score0.0021EPSS
Exploits0References4
OSV
OSV
added 2025/11/24 12:0 a.m.4 views

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

4.6CVSS6.4AI score0.0016EPSS
Exploits0References4
CVE
CVE
added 2025/11/24 12:0 a.m.24 views

CVE-2025-60915

CVE-2025-60915 affects Austrian Openatlas: an issue in the size query parameter of /views/file.py allows path traversal with a crafted request in versions before v8.12.0. Impact is access to restricted paths; remediation is upgrading to v8.12.0 or later (no exploitation details provided in the do...

8.1CVSS6.7AI score0.00387EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/24 12:0 a.m.15 views

CVE-2025-60914

CVE-2025-60914 describes an access-control flaw in the Austrian Archaeological Institute Openatlas prior to version 8.12.0, where a crafted GET request to the path /display_logo can disclose sensitive information. The affected product is Openatlas (by the Austrian Archaeological Institute). The u...

4.6CVSS6.1AI score0.0016EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/24 12:0 a.m.20 views

CVE-2025-60917

CVE-2025-60917 is a reflected XSS in Austrian Archaeological Institute Openatlas prior to v8.12.0, discovered via the /overview/network/ endpoint where an attacker injects a payload into the color parameter to run code in a user’s browser. The vulnerability arises from unvalidated/reflected input...

4.6CVSS5.9AI score0.00189EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder