Lucene search
K

207 matches found

Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.6 views

PT-2025-31841 · Unknown · Givanz Vvveb

Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.5 Description: A problematic issue exists in givanz Vvveb that allows information disclosure. The issue is located in an unknown part of the file /vadmin123/index.php?module=editor/editor within the Drag-and-Dr...

5.1CVSS3.5AI score0.00399EPSS
Exploits1References11
NVD
NVD
added 2025/07/25 5:15 a.m.3 views

CVE-2025-8132

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public...

5.5CVSS0.00548EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/24 7:20 a.m.5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a Denial of Service and Uncontrolled Resource Consumption due to Multer and brace-expansion( CVE-2025-48997,CVE-2025-5889 )

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to a Denial of Service and Uncontrolled Resource Consumption due to Multer and brace-expansion. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node....

8.7CVSS6.8AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:25 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote code execution due to the setuptools package (CVE-2025-47273)

Summary Setuptools is used by DataStage on Cloud Pak for Data as part of package handling. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in...

8.8CVSS7.3AI score0.01479EPSS
Exploits4Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/06 2:18 a.m.11 views

CVE-2025-7053

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version...

5.1CVSS3.6AI score0.00289EPSS
Exploits1References1
CVE
CVE
added 2025/07/04 2:2 a.m.29 views

CVE-2025-7053

Cockpit up to version 2.11.3 is vulnerable to cross-site scripting via manipulation of the name or email argument in /system/users/save. The issue may be triggered remotely; CVSS notes range from low to medium depending on source. A fix is available in Cockpit 2.11.4, with patch sha bdcd5e3bc651c...

6.1CVSS3.7AI score0.00289EPSS
Exploits1References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:22 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serve...

5CVSS6.6AI score0.00595EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/25 12:0 a.m.6 views

PT-2025-29858

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine and Cisco ISE-PIC versions 3.3 and 3.4 Cisco Identity Services Engine versions prior to 3.3 Patch 7 Cisco ISE-PIC versions prior to 3.4 Patch 2 Description A critical vulnerability exists in a specific API of Cis...

10CVSS8.4AI score0.65098EPSS
Exploits0References141
OSV
OSV
added 2025/06/22 5:15 a.m.6 views

CVE-2025-6466

A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File...

9.8CVSS7.1AI score
Exploits0References7
OSV
OSV
added 2025/06/17 6:15 a.m.6 views

CVE-2025-6166

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function imageget of the file /python/api/imageget.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The...

5.1CVSS7.2AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/06/15 12:0 a.m.7 views

Debian dla-4216 : libcjson-dev - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4216 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4216-1 [email protected]...

5.5CVSS5.2AI score0.00219EPSS
Exploits2References6
OSV
OSV
added 2025/06/09 7:15 p.m.4 views

CVE-2025-5889

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

2.3CVSS7AI score
Exploits0References6
Cvelist
Cvelist
added 2025/06/04 7:15 p.m.16 views

CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

6.9CVSS0.00342EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.13 views

CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert...

6.5CVSS6.8AI score0.00386EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.8 views

CVE-2024-39313

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...

6.5CVSS6.8AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.10 views

CVE-2024-52794

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...

6.8CVSS6.7AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.8 views

CVE-2023-46732

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a...

9.6CVSS7.1AI score0.02191EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:46 a.m.8 views

CVE-2022-4643

A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdfocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1...

9.8CVSS7.6AI score0.01734EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.7 views

CVE-2022-4731

A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 29.1.0 is able to address thi...

5.4CVSS6.3AI score0.00513EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:27 a.m.7 views

CVE-2022-4631

A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. ...

6.1CVSS6.3AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder