Lucene search
K

79 matches found

Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.7 views

PT-2024-27770 · Vermeg · Vermeg Agilereporter

Name of the Vulnerable Software and Affected Versions: Vermeg Agile Reporter version 23.2.1 Description: The issue is a stored cross-site scripting XSS that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast...

4.8CVSS5.4AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.8 views

PT-2024-26458 · Unknown · Diño Physics School Assistant

Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts an unidentified code within the file /classes/Master.php?f=view item. Manipulating the argument id can result in SQL injection...

9.8CVSS7.4AI score0.00429EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-26450 · Unknown · Diño Physics School Assistant

Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts unidentified code within the file /classes/SystemSettings.php?f=update settings. Manipulating the name parameter results in cross-site...

5.4CVSS6.7AI score0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.5 views

PT-2024-26320 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/homePro deal.php" with parameters mudi, dataType, and dataTypeCN. This issue allows for unauthorized requests. Recommendations: F...

8.8CVSS6.7AI score0.00329EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.6 views

PT-2024-24200 · Unknown · Gin-Vue-Admin

Name of the Vulnerable Software and Affected Versions: sanluan flipped-aurora gin-vue-admin versions 2.4.x Description: An issue in the Session Expiration component allows an attacker to escalate privileges. Recommendations: For versions 2.4.x, consider restricting access to the Session Expiratio...

4.7CVSS7.2AI score0.00547EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.3 views

PT-2024-23076

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below Description The Web interface of Evolution Controller contains poorly configured access control on the DESKTOP EDIT USER GET CARD endpoint, allowing an unauthenticated attacker to...

9.8CVSS6.6AI score0.00583EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.4 views

PT-2024-12052 · Unknown · Mt Safeline X-Ray X3310

Name of the Vulnerable Software and Affected Versions: MT Safeline X-Ray X3310 webserver version NXG 19.05 Description: An HTML injection issue exists that allows a remote attacker to render malicious HTML, potentially obtaining sensitive information in a victim's browser. Recommendations: For MT...

5.4CVSS6.7AI score0.00432EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.4 views

PT-2024-20426

Name of the Vulnerable Software and Affected Versions Lime Survey Community Edition version v.5.3.32+220817 Description A Cross Site Scripting XSS issue allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function. This enables...

6.1CVSS6.8AI score0.00677EPSS
Exploits4References10
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.3 views

PT-2024-2195 · Trendnet · Trendnet Tew-827Dru

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-827DRU router version 2.10B01 Description: There is a command injection issue in the apply.cgi interface, allowing an attacker to inject commands into the post request parameters usapps.config.smb admin name, thereby gaining root...

9CVSS7.9AI score0.02121EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.5 views

PT-2024-19639 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: A Cross Site Scripting XSS issue exists in the is water parameter, allowing a remote attacker to execute arbitrary code via a crafted URL. This enables the attacker to potentially steal user data or take...

6.1CVSS6.3AI score0.00434EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/21 12:0 a.m.6 views

PT-2024-15811 · Linzhaoguan · Linzhaoguan Pb-Cms

Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms version 2.0 Description: A problematic issue has been found in the Comment Handler component of the software, allowing for cross-site scripting through the manipulation of input, such as . This can be exploited remotely...

5.4CVSS6.4AI score0.00565EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.4 views

PT-2023-32842 · Unknown · Lightxun Iptv Gateway

Name of the Vulnerable Software and Affected Versions: Lightxun IPTV Gateway versions up to 20231208 Description: A vulnerability was found in the processing of the file /ZHGXTV/index.php/admin/index/web upload template.html. The manipulation of the file argument leads to unrestricted upload. The...

6.5CVSS4.9AI score0.0063EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.6 views

PT-2023-31456 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/database/backup component. This allows for unauthorized actions to be performed on the system. Recommendations: For Dreamer CMS...

8.8CVSS8.6AI score0.00364EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/12/10 12:0 a.m.5 views

PT-2023-31555 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: The issue allows a remote attacker to read files via ../ Directory Traversal in the "/common/down/file" fileKey parameter. This could potentially lead to unauthorized access to sensitive information...

7.5CVSS7.2AI score0.01213EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/08 12:0 a.m.9 views

PT-2023-7920 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L version B1 FW223WWb01 Description: The issue is related to the firmware of D-Link DIR-850L routers, specifically version B1 FW223WWb01, where a remote attacker can execute arbitrary code via a crafted script to the en paramete...

9.8CVSS9.3AI score0.01862EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.4 views

PT-2023-28533 · Unknown · Firewall Service

Name of the Vulnerable Software and Affected Versions: Firewall service affected versions not specified Description: The issue is related to a missing permission check in the firewall service, allowing potential local information disclosure without requiring additional execution privileges...

5.5CVSS5.2AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.5 views

PT-2023-7439 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtai...

7.8CVSS7.3AI score0.01118EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.8 views

PT-2023-30426 · Unknown · Nagaoka Taxi Line

Name of the Vulnerable Software and Affected Versions: nagaoka taxi Line version 13.6.1 Description: The issue allows remote attackers to send malicious notifications to victims due to the leakage of channel access token. Recommendations: For version 13.6.1, consider restricting access to the...

6.5CVSS6.5AI score0.00353EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.4 views

PT-2023-30228 · E-Tax · E-Tax

Name of the Vulnerable Software and Affected Versions: e-Tax software versions 3.0.10 and earlier Description: The issue is related to the improper restriction of XML external entity references XXE in the e-Tax software due to the configuration of the embedded XML parser. This allows an attacker ...

5.5CVSS7AI score0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/11/04 12:0 a.m.5 views

PT-2023-29990 · Loytec · Linx Configurator +7

Name of the Vulnerable Software and Affected Versions: LOYTEC LINX-151 affected versions not specified LOYTEC LINX-212 version 6.2.4 LOYTEC LVIS-3ME12-A1 version 6.2.2 LOYTEC LIOB-586 version 6.2.3 LOYTEC LIOB-580 V2 affected versions not specified LOYTEC LIOB-588 affected versions not specified...

8.2CVSS7AI score0.07381EPSS
Exploits2References7
Rows per page
Query Builder