Lucene search
K

259 matches found

Cvelist
Cvelist
added 2025/04/30 2:55 p.m.66 views

CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS0.00338EPSS
Exploits1References3
Circl
Circl
added 2025/04/28 8:11 p.m.16 views

CVE-2025-4036

creationtimestamp| type| source ---|---|--- 2025-04-28 20:11:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13726 2025-04-28 23:45:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5vaqci2h 2025-04-29 00:06:28+00:00| seen|...

9.8CVSS6.2AI score0.00432EPSS
Exploits1References3
Circl
Circl
added 2025/04/28 6:11 p.m.8 views

CVE-2024-12706

creationtimestamp| type| source ---|---|--- 2025-04-28 18:11:00+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13719 2025-04-28 21:45:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnvqh4moq42v 2025-04-28 22:25:59+00:00| seen| https://t.me/cvedetector/23940...

2.1CVSS5.3AI score0.00188EPSS
Exploits0References3
NVD
NVD
added 2025/04/17 7:15 a.m.16 views

CVE-2025-2903

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform GCP using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious...

8.5CVSS0.00181EPSS
Exploits0References1
Circl
Circl
added 2025/04/16 2:55 a.m.11 views

CVE-2025-3698

creationtimestamp| type| source ---|---|--- 2025-04-16 02:55:43+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11982 2025-04-16 06:48:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmvyq76czu2a 2025-04-16 07:40:00+00:00| seen| https://t.me/cvedetector/23044...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References3
Circl
Circl
added 2025/04/01 10:57 p.m.6 views

CVE-2025-31580

creationtimestamp| type| source ---|---|--- 2025-04-01 22:57:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3llrxuf5ojr2s 2025-04-01 23:56:03+00:00| seen| https://t.me/cvedetector/21809...

7.5CVSS7.3AI score0.00396EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/03/26 12:0 a.m.8 views

The vulnerability of the org.xwiki.platform:xwiki-platform-security-authorization-api component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability of the org.xwiki.platform:xwiki-platform-security-authorization-api component of the XWiki Platform lies in the insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS5.4AI score0.00371EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/03/19 5:36 p.m.114 views

CVE-2025-29925

XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...

8.7CVSS6.3AI score0.00906EPSS
In wildExploits1References5Affected Software1
Circl
Circl
added 2025/03/11 7:35 a.m.10 views

CVE-2025-26707

creationtimestamp| type| source ---|---|--- 2025-03-11 07:35:35+00:00| seen| https://t.me/cvedetector/20032 2025-03-11 08:00:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lk3lxtq7qd2l...

5.3CVSS4.8AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2025/02/21 10:15 p.m.4 views

GHSA-63CR-XG3F-8JVR Leantime allows Stored Cross-Site Scripting (XSS)

Summary Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Details A Stored Cross-Site Scripting XSS vulnerability was found that could potentially compromise user data and pose a...

5.9CVSS5.4AI score
Exploits0References3
Circl
Circl
added 2025/02/13 6:52 p.m.8 views

CVE-2025-1127

creationtimestamp| type| source ---|---|--- 2025-02-13 18:52:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113998086368947353 2025-02-13 19:16:11+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li3flzjmfv2a 2025-02-13 20:34:57+00:00| seen|...

9.1CVSS4.8AI score0.00533EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 8:33 p.m.15 views

CVE-2022-31166

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...

8.8CVSS6.5AI score0.01157EPSS
Exploits1References1
Circl
Circl
added 2025/01/22 3:19 p.m.3 views

CVE-2025-23681

creationtimestamp| type| source ---|---|--- 2025-01-22 15:19:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo5h3jiw2f...

7.1CVSS6.9AI score0.0036EPSS
Exploits0References1
Circl
Circl
added 2024/12/27 3:18 p.m.13 views

CVE-2024-56604

creationtimestamp| type| source ---|---|--- 2024-12-27 15:18:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lecbvshtvv2f 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8 2026-03-19 00:00:00+00:00| seen|...

7.8CVSS6.8AI score0.00219EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2024/12/20 12:33 p.m.33 views

USN-7159-4: Linux kernel (IoT) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...

7.8CVSS7AI score0.00289EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/12/18 12:0 a.m.7 views

The vulnerability of the loader for AMD Platform Security Processor processors allows a hacker to execute arbitrary code.

The vulnerability of the loader for AMD Platform Security Processor processors involves incorrect checking of the range in the object header. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7AI score0.00286EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/12 6:53 p.m.15 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

8.6CVSS6.4AI score0.00732EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.5 views

Linaro Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Linaro Trusted Firmware-M version 2.1.0, which stems from not validating user-supplied pointers to invec and outvec...

9.8CVSS6.8AI score0.00788EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/01 12:0 a.m.14 views

CVE-2024-46083

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting XSS. An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...

0.00277EPSS
Exploits1References1
OSV
OSV
added 2024/09/16 9:0 a.m.49 views

RHSA-2022:8850 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-ujson) security update

Bulletin has no description...

7.5CVSS6.4AI score0.02283EPSS
Exploits1References13
Rows per page
Query Builder