Lucene search

13 matches found
Patchstack · added 2026/06/16 2:57 p.m.

NPM: Astro: XSS via Unescaped Attribute Names in Spread Props

XSS via Unescaped Attribute Names in Spread Props vulnerability, discovered by ? in the npm package astro, versions 6.4.6...

CVSS 6.1 · AI score 5.8 · EPSS 0.0016
Exploits: 1 · References: 2 · Affected software: 1
Positive Technologies · added 2026/02/27 12:00 a.m.

PT-2026-22406

Name of the Vulnerable Software and Affected Versions: Statamic versions 6.0.0 through 6.3.9. Description: Statamic is a Laravel and Git powered content management system (CMS). Authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intende...

CVSS 8.8 · AI score 5.9 · EPSS 0.00386
Exploits: 0 · References: 16
Positive Technologies · added 2025/12/24 12:00 a.m.

PT-2025-52983

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc3. Description: A use-after-free issue exists in the Linux kernel related to the handling of OPP (Operating Performance Points) tables after probe deferral. Specifically, when dev_pm_opp_of_find_icc_paths() in...

AI score 6.3 · EPSS 0.00157
Exploits: 0
Vulnrichment · added 2025/10/17 5:35 a.m.

CVE-2025-55097 Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get()

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device...

CVSS 2.4 · AI score 6.5 · EPSS 0.00245
Exploits: 0 · References: 1
CNNVD · added 2024/11/26 12:00 a.m.

AXIS Camera Station Pro Security Vulnerability

AXIS Camera Station Pro is a video management and access control system from Axis (Sweden). A security vulnerability exists in AXIS Camera Station Pro versions prior to 6.4, which originates from a non-administrative user being able to gain system privileges by redirecting file...

CVSS 4.2 · AI score 6.8 · EPSS 0.00123
Exploits: 0 · References: 1
CNNVD · added 2024/11/22 12:00 a.m.

Logsign Unified SecOps Platform OS Command Injection Vulnerability

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An operating system command injection vulnerability exists in Logsign Unified SecOps Platform versions prior to 6.4.8...

CVSS 8.8 · AI score 9.2 · EPSS 0.02973
Exploits: 1 · References: 2
Positive Technologies · added 2024/11/08 12:00 a.m.

PT-2024-35091 · HAPI FHIR

Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0. Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity (XXE) injection. This issue can be exploited by submitting a malicious XML file containing a DTD,...

CVSS 8.6 · AI score 7.1 · EPSS 0.00918
Exploits: 0 · References: 13
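The HAPI FHIR entry describes the standard XXE vector: an XML document carrying a DTD that declares an external entity, handed to an XSLT/XML engine that resolves it. The usual hardening is to refuse any DOCTYPE before the engine sees the document. The Python below is an added example of that gate built on the standard-library expat parser; it is not HAPI FHIR's fix, and the FHIR-shaped sample documents, the `inspect_dtd` and `safe_to_transform` names are constructed for this demonstration.

```python
import xml.parsers.expat

# Constructed sample: a FHIR-looking Patient resource that smuggles in a DTD
# declaring an external entity pointing at a local file.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE Patient [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<Patient xmlns="http://hl7.org/fhir"><name>&xxe;</name></Patient>
"""

# Constructed benign sample: same resource, no DTD.
BENIGN = b"""<?xml version="1.0"?>
<Patient xmlns="http://hl7.org/fhir"><name>example</name></Patient>
"""


def inspect_dtd(data):
    """Report whether a document carries a DOCTYPE and which external entities it declares.

    Runs a non-resolving expat pass over the input: entity *declarations* are
    observed, but nothing is fetched from disk or network.
    """
    found = {"has_doctype": False, "external_entities": []}
    parser = xml.parsers.expat.ParserCreate()

    def start_doctype(name, system_id, public_id, has_internal_subset):
        found["has_doctype"] = True

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # external entity: no literal value, only a SYSTEM/PUBLIC id
            found["external_entities"].append((name, system_id))

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    # Never load external parameter entities or an external DTD subset ...
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    # ... and acknowledge general external entity references without resolving them.
    parser.ExternalEntityRefHandler = lambda context, base, system_id, public_id: 1
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        pass  # a malformed tail does not matter; declarations already seen are reported
    return found


def safe_to_transform(data):
    """Gate for an XSLT/XML pipeline: any DOCTYPE at all is rejected."""
    return not inspect_dtd(data)["has_doctype"]


if __name__ == "__main__":
    for label, doc in (("xxe", XXE_PAYLOAD), ("benign", BENIGN)):
        print(label, inspect_dtd(doc), "-> transform:", safe_to_transform(doc))
```

Rejecting every DOCTYPE, not only those that declare external entities, also closes internal-entity expansion attacks (billion laughs). On the Java side that HAPI FHIR runs on, the general JAXP equivalent is enabling `XMLConstants.FEATURE_SECURE_PROCESSING` and setting `ACCESS_EXTERNAL_DTD` and `ACCESS_EXTERNAL_STYLESHEET` to the empty string on the factories; that is generic guidance, not a description of the project's patch.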
CNNVD · added 2024/05/31 12:00 a.m.

Ivanti Avalanche Security Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti (USA). It is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions prior to 6.4.x. The vulnerability stems from the...

CVSS 7.2 · AI score 7.4 · EPSS 0.64423
Exploits: 0 · References: 3
Positive Technologies · added 2024/04/17 12:00 a.m.

PT-2024-6879 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5. Description: The issue is a path traversal vulnerability that allows a remote unauthenticated attacker to bypass authentication. This is due to incorrect restriction of the path name to a...

CVSS 9.8 · AI score 7.4 · EPSS 0.37965
Exploits: 0 · References: 11
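PT-2024-6879 describes the classic shape of a traversal-based authentication bypass: the path that the authentication check inspects is not the path the backend ultimately serves. The Python below is an added, generic illustration of that shape (a prefix-matched protected area, checked on the raw request path versus the canonicalised one); it is not Ivanti's code, and the `/admin/` prefix, the bypass strings and the canonicalisation rules (a bounded percent-decoding loop, backslash treated as a separator on a Windows backend) are assumptions made for the example.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical protected area; everything under it requires a session.
PROTECTED_PREFIXES = ("/admin/",)

# Constructed bypass strings. The backend (assumed to run on Windows and to
# normalise before dispatch) resolves each of these to /admin/users.
BYPASS_ATTEMPTS = (
    "/public/../admin/users",        # plain dot-dot
    "/public/..%2fadmin/users",      # percent-encoded separator
    "/public/..%252fadmin/users",    # double-encoded separator
    "/public\\..\\admin\\users",     # backslash separators
)


def canonicalize(raw_path):
    """Resolve a request path the way the dispatcher is assumed to: decode,
    unify separators, collapse '.', '..' and repeated slashes."""
    path = raw_path
    for _ in range(3):                      # bounded loop defeats double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")          # Windows-style separator (assumption)
    if not path.startswith("/"):
        path = "/" + path
    canon = posixpath.normpath(path)        # '/a/../b' -> '/b', '/..' -> '/'
    if path.endswith("/") and not canon.endswith("/"):
        canon += "/"                        # keep directory form for prefix checks
    return canon


def is_protected_naive(raw_path):
    """Vulnerable check: prefix-matches the path exactly as received."""
    return raw_path.startswith(PROTECTED_PREFIXES)


def is_protected(raw_path):
    """Fixed check: prefix-matches the same canonical path the backend will serve."""
    return canonicalize(raw_path).startswith(PROTECTED_PREFIXES)


def authorize(raw_path, authenticated, check=is_protected):
    """Return (allowed, served_path). Unauthenticated requests are refused only
    when `check` says the path is protected; served_path is what the backend
    would actually resolve the request to."""
    served = canonicalize(raw_path)
    if check(raw_path) and not authenticated:
        return False, served
    return True, served


if __name__ == "__main__":
    for attempt in BYPASS_ATTEMPTS:
        print(f"{attempt:32} naive={authorize(attempt, False, is_protected_naive)}"
              f" fixed={authorize(attempt, False)}")
```

The fix is not the normalisation routine itself but the invariant it enforces: the authentication layer must decide on exactly the path the backend will serve, so both sides call the same canonicaliser, and any path that still contains `..` after canonicalisation is treated as hostile rather than merely unprotected.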
Positive Technologies · added 2024/03/18 12:00 a.m.

PT-2024-2929 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.3. Description: A heap overflow vulnerability in the WLInfoRailService component allows a remote unauthenticated attacker to execute arbitrary commands. The vulnerability is related to a buffer overflow i...

CVSS 9.8 · AI score 10 · EPSS 0.03561
Exploits: 0 · References: 8
OSV · added 2023/01/23 3:15 p.m.

CVE-2022-4474

The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1
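The two attribute-escaping entries on this page (the Astro spread-props bug, where the attacker controls an attribute name, and the Easy Social Feed shortcode bug, where the attacker controls an attribute value) fail in the same place: a renderer that interpolates untrusted text into a tag. The Python below is an added illustration of both failures and their fix, not code from either project; the renderer functions, the payloads and the parser helper are all constructed for this example, and the stdlib `HTMLParser` stands in for the browser to show which attributes actually come out of the rendered markup.

```python
import html
import re
from html.parser import HTMLParser

# Attribute names a template is allowed to emit. Whitespace, quotes, '=', '/'
# and '>' are excluded: any of them lets a spread-in key terminate the current
# attribute and start a new one, which is how an event handler gets injected.
_SAFE_ATTR_NAME = re.compile(r"^[A-Za-z_:][A-Za-z0-9_:.-]*$")

# Constructed payloads. The first abuses the attribute NAME (the spread-props
# case), the second the attribute VALUE (the shortcode-attribute case).
NAME_PAYLOAD = {"x onmouseover=alert(1) y": "1"}
VALUE_PAYLOAD = {"title": '" onmouseover="alert(1)'}


def render_tag_unsafe(tag, attrs):
    """Naive spread-style renderer: trusts names and interpolates values raw."""
    parts = " ".join(f'{name}="{value}"' for name, value in attrs.items())
    return f"<{tag} {parts}>"


def render_tag(tag, attrs):
    """Hardened renderer: reject unsafe names, entity-escape every value."""
    parts = []
    for name, value in attrs.items():
        if not _SAFE_ATTR_NAME.match(name):
            raise ValueError(f"rejected attribute name: {name!r}")
        if value is None or value is False:
            continue                      # omitted, like a falsy boolean attribute
        if value is True:
            parts.append(name)            # bare boolean attribute
            continue
        parts.append(f'{name}="{html.escape(str(value), quote=True)}"')
    return f"<{tag}" + "".join(" " + p for p in parts) + ">"


class _AttrCollector(HTMLParser):
    """Records the attribute names a tolerant HTML parser (i.e. a browser) sees."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def parsed_attribute_names(markup):
    """Parse rendered markup the way a browser would and list the attribute names."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.names


if __name__ == "__main__":
    for label, payload in (("name", NAME_PAYLOAD), ("value", VALUE_PAYLOAD)):
        unsafe = render_tag_unsafe("div", payload)
        print(f"{label} payload, unsafe: {unsafe} -> {parsed_attribute_names(unsafe)}")
    print("value payload, hardened:", render_tag("div", VALUE_PAYLOAD))
    try:
        render_tag("div", NAME_PAYLOAD)
    except ValueError as exc:
        print("name payload, hardened:", exc)
```

Escaping alone does not cover the name case: `html.escape` on a key like `x onmouseover=alert(1) y` leaves the spaces and `=` intact, so a renderer that escapes values but spreads keys straight through still produces an injected handler. Names have to be validated (or rejected) rather than escaped, which is why the hardened renderer raises instead of trying to sanitise.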
CNNVD · added 2022/08/22 12:00 a.m.

YetiForceCrm Cross-Site Scripting Vulnerability

YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site scripting vulnerability exists in YetiForceCrm versions prior to 6.4.0, which stems from a lack of content validation and output encoding, and can be exploited by an attacker by uploading a carefully crafted...

CVSS 7 · AI score 6 · EPSS 0.00429
Exploits: 1 · References: 3
CNVD · added 2020/06/09 12:00 a.m.

LibreOffice Information Disclosure Vulnerability (CNVD-2020-35942)

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets) and Impress (presentations). An information disclosure vulnerability exists in versions of LibreOffice prior to 6.4.4. The...

CVSS 5.3 · AI score 8.7 · EPSS 0.01944
Exploits: 0 · References: 1