
542 matches found

Positive Technologies
added 2024/10/29 12:0 a.m. · 5 views

PT-2024-34553 · Unknown · Phpgurukul Ifsc Code Finder Project

Name of the Vulnerable Software and Affected Versions: PHPGurukul IFSC Code Finder Project version 1.0 Description: A Reflected Cross Site Scripting (XSS) issue was found in the "/ifscfinder/admin/profile.php" API endpoint, which allows remote attackers to execute arbitrary code via the...

CVSS 8.8 · AI score 7 · EPSS 0.00435 · Exploits 1 · References 4
Positive Technologies
added 2024/10/27 12:0 a.m. · 4 views

PT-2024-16257 · Sourcecodester · Sourcecodester Online Hotel Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0 Description: A critical issue has been found in the function upload of the file /guest/update.php, where the manipulation of the image argument leads to unrestricted upload. This issu...

CVSS 9.8 · AI score 6.6 · EPSS 0.00507 · Exploits 0 · References 8
Positive Technologies
added 2024/10/20 12:0 a.m. · 5 views

PT-2024-33584 · WordPress · Endless Posts Navigation

Name of the Vulnerable Software and Affected Versions: Endless Posts Navigation versions n/a through 2.2.7 Description: A Cross-Site Request Forgery (CSRF) issue in Endless Posts Navigation allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...

CVSS 7.1 · AI score 6.9 · EPSS 0.00158 · Exploits 0 · References 8
NCSC
added 2024/10/11 7:3 a.m. · 5 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed a vulnerability in Connect Secure and Policy Secure. UPDATE: POC code is now available online for this vulnerability. An authenticated malicious person with access to the admin portal of Connect Secure or Policy Secure can exploit the vulnerability to execute code remotely. Ivant...

CVSS 9.1 · AI score 7.1 · EPSS 0.67291 · Exploits 1 · References 1
Positive Technologies
added 2024/09/24 12:0 a.m. · 9 views

PT-2024-39136 · WordPress · Daily Prayer Time

Name of the Vulnerable Software and Affected Versions: Daily Prayer Time plugin for WordPress versions up to, and including, 2024.08.26 Description: The issue arises from insufficient escaping on the user-supplied max word attribute of the quran verse shortcode and lack of sufficient preparation ...

CVSS 9.9 · AI score 7.8 · EPSS 0.00531 · Exploits 0 · References 10
Positive Technologies
added 2024/09/19 12:0 a.m. · 2 views

PT-2024-6335 · Microsoft · Office Visio +2

Name of the Vulnerable Software and Affected Versions: Microsoft Visio, affected versions not specified; Microsoft Office, affected versions not specified; Microsoft 365 Apps for Enterprise, affected versions not specified Description: The issue is related to errors in access control, allowing an...

CVSS 7.8 · AI score 8.1 · EPSS 0.00595 · Exploits 0 · References 10
Positive Technologies
added 2024/09/12 12:0 a.m. · 6 views

PT-2024-31814 · Cleanlab · Cleanlab

Name of the Vulnerable Software and Affected Versions: Cleanlab versions 2.4.0 or newer Description: The issue is related to the deserialization of untrusted data, which can occur in the Cleanlab project. This allows a maliciously crafted datalab.pkl file to run arbitrary code on an end user's...

CVSS 8.6 · AI score 7.5 · EPSS 0.00243 · Exploits 0 · References 9
Positive Technologies
added 2024/09/11 12:0 a.m. · 7 views

PT-2024-31280 · Unknown · Perfex Crm

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 1.1.0 Description: A stored cross-site scripting (XSS) issue in the Discussion section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. This enables attacker...

CVSS 5.4 · AI score 6 · EPSS 0.00375 · Exploits 1 · References 5
Positive Technologies
added 2024/09/10 12:0 a.m. · 7 views

PT-2024-12602 · Loftware · Loftware Spectrum

Name of the Vulnerable Software and Affected Versions: Loftware Spectrum versions through 4.6 Description: The issue concerns an unprotected JMX Registry in Loftware Spectrum. Recommendations: For versions through 4.6, consider restricting access to the JMX Registry as a temporary mitigation...

CVSS 9.8 · AI score 7.2 · EPSS 0.00399 · Exploits 0 · References 8
Positive Technologies
added 2024/08/30 12:0 a.m. · 8 views

PT-2024-31209 · Shopxo · Shopxo

Name of the Vulnerable Software and Affected Versions: ShopXO version 6.2 Description: The issue is related to Cross Site Scripting (XSS) in the backend, allowing attackers to execute code by changing POST parameters. This enables attackers to perform code execution, potentially leading to...

CVSS 6.1 · AI score 6.6 · EPSS 0.00324 · Exploits 0 · References 7
Positive Technologies
added 2024/08/25 12:0 a.m. · 7 views

PT-2024-31512 · Byob · Byob

Name of the Vulnerable Software and Affected Versions: BYOB (Build Your Own Botnet) version 2.0 Description: An arbitrary file write issue in the exfiltration endpoint allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted...

CVSS 9.8 · AI score 7.2 · EPSS 0.05635 · Exploits 3 · References 15
Positive Technologies
added 2024/08/20 12:0 a.m. · 4 views

PT-2024-30047 · Unknown · Warehouse Inventory System

Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version v2.0 Description: A Cross-Site Request Forgery (CSRF) issue in the delete media.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version v2.0, consider...

CVSS 8.8 · AI score 7.7 · EPSS 0.0029 · Exploits 1 · References 4
Positive Technologies
added 2024/08/20 12:0 a.m. · 7 views

PT-2024-30017 · Unknown · Hotel Management System

Name of the Vulnerable Software and Affected Versions: Hotel Management System version commit 91caab8 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the book id parameter at the "admin modify room.php" endpoint. There is no information...

CVSS 9.8 · AI score 8 · EPSS 0.00724 · Exploits 1 · References 7
Positive Technologies
added 2024/08/15 12:0 a.m. · 4 views

PT-2024-30107 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: xxl-job version 2.4.1 Description: The issue allows a remote attacker to execute arbitrary code via the Sub-Task ID component due to insecure permissions. Recommendations: For xxl-job version 2.4.1, consider disabling the Sub-Task ID componen...

CVSS 8.8 · AI score 8.6 · EPSS 0.00886 · Exploits 1 · References 10
Positive Technologies
added 2024/07/28 12:0 a.m. · 4 views

PT-2024-38125 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: A problematic issue was found in SeaCMS, affecting an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross-site scripting. It is possible...

CVSS 6.1 · AI score 4.3 · EPSS 0.00379 · Exploits 1 · References 8
Positive Technologies
added 2024/07/18 12:0 a.m. · 5 views

PT-2024-37102 · WordPress · Timeline Event History Plugin

Name of the Vulnerable Software and Affected Versions: Timeline Event History plugin for WordPress versions up to, and including, 3.1 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input...

CVSS 8.8 · AI score 6.9 · EPSS 0.00718 · Exploits 0 · References 7
Positive Technologies
added 2024/07/16 12:0 a.m. · 5 views

PT-2024-28340 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue concerns an Arbitrary File Read vulnerability. It is exploited via the admin safe.php file. Recommendations: For SeaCMS version 12.9, consider restricting access to the admin safe.php file until a...

CVSS 6.5 · AI score 7.2 · EPSS 0.00555 · Exploits 1 · References 5
Positive Technologies
added 2024/07/07 12:0 a.m. · 4 views

PT-2024-37699 · Unknown · Heyewei Springbootcms

Name of the Vulnerable Software and Affected Versions: heyewei SpringBootCMS up to 2024-05-28 Description: A vulnerability has been found in the Guestbook Handler component of heyewei SpringBootCMS, affecting an unknown function of the file /guestbook. The manipulation of the Content argument lea...

CVSS 5.3 · AI score 6.7 · EPSS 0.00342 · Exploits 1 · References 9
Positive Technologies
added 2024/06/30 12:0 a.m. · 5 views

PT-2024-4813 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to weaknesses in the error reporting mechanism of the software platform. It may allow a remote attacker to obtain sensitive information when a detailed technical...

CVSS 5.5 · AI score 6.5 · EPSS 0.00327 · Exploits 0 · References 5
Positive Technologies
added 2024/06/01 12:0 a.m. · 5 views

PT-2024-29418 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.10 Description: A Regular Expression Denial of Service (ReDoS) issue exists, allowing an attacker to significantly impact the application's response time and potentially render it non-functional by manipulating...

CVSS 7.5 · AI score 7.7 · EPSS 0.00591 · Exploits 1 · References 6