Lucene search
K

32 matches found

NVD
NVD
added 2026/02/03 6:16 p.m.7 views

CVE-2025-65924

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically hyperlinks in fields that are intended for plain text. Although JavaScript is blocked preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...

4.1CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2025/12/15 2:43 p.m.9 views

CVE-2025-34411

The Convercent Whistleblowing Platform exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. An unauthenticated attacker can query the endpoint with common legal-suffix terms to enumerate Convercent te...

6.5AI score0.00126EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-0377

Malware in sbrugna...

5CVSS6.3AI score0.01811EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12233

Malware in sbrugna...

6.8CVSS6.5AI score0.0131EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-7738

Malware in sbrugna...

6.1CVSS6.2AI score0.02441EPSS
Exploits5References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-24958

Malware in sbrugna...

4.3CVSS7.1AI score0.01459EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3435

Malicious code in bioql PyPI...

5.8CVSS6.4AI score0.0137EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-27494

Malicious code in bioql PyPI...

4CVSS4.9AI score0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52726

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00667EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18433

Malicious code in bioql PyPI...

9.1CVSS6.3AI score0.00832EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-35202

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01066EPSS
Exploits1References2
HackRead
HackRead
added 2025/08/05 2:51 p.m.5 views

Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor

Pandora cyber attack exposes customer data via third-party breach. No passwords or payment info leaked, but phishing risks remain...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.6 views

PT-2025-30420 · Telegai · Telegai

Name of the Vulnerable Software and Affected Versions: TelegAI versions through 2025-05-26 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the chat component of TelegAI. This allows an attacker to tamper with other users' conversations. Additionally, malicious conten...

6.1CVSS5.4AI score0.00234EPSS
Exploits1References3
CVE
CVE
added 2025/07/07 9:55 a.m.110 views

CVE-2025-3777

CVE-2025-3777 : In Hugging Face Transformers, versions up to 4.49.0 are affected by improper input validation in image_utils.py due to insecure URL validation with startswith(), bypassable via URL username injection. Attackers could craft URLs that appear to be from YouTube but resolve to malicio...

3.5CVSS4AI score0.00329EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/16 6:30 p.m.10 views

CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

7.8CVSS7AI score0.00832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.10 views

CVE-2024-1566

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...

6.5CVSS6.7AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:12 a.m.11 views

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0...

5.3CVSS6.9AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 3:16 p.m.10 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

6.4CVSS0.0028EPSS
Exploits0References3
NVD
NVD
added 2025/03/31 11:15 a.m.20 views

CVE-2025-3027

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially...

6.1CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 10:54 a.m.45 views

CVE-2025-30781

CVE-2025-30781 concerns the Scheduled & Automatic Order Status Controller for WooCommerce. It describes an Open Redirect vulnerability that could enable phishing by redirecting users to untrusted sites. Affected software ranges “from n/a through 3.7.1.” Connected vulnerability listings indicate t...

4.7CVSS8.7AI score0.00436EPSS
Exploits0References1
Rows per page
Query Builder