Lucene search
+L

4532 matches found

Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.6 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS5.4AI score0.00338EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.28 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.10 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.12 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS0.00182EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.6 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5238

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 4:56 p.m.20 views

CVE-2026-24671

Open eClass (formerly GUnet eClass) prior to version 4.2 is affected by a Stored XSS vulnerability in multiple high-privilege user input fields. Authenticated teachers/admins can inject malicious JavaScript, executed when other users load affected pages. Red Hat/NVD/CVE aggregations confirm the i...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts in multiple user-controllable input fields, which could allo...

6.1CVSS5.6AI score0.00182EPSS
Exploits1References2
NVD
NVD
added 2026/02/01 1:15 p.m.6 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

6.4CVSS0.00217EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/30 3:8 p.m.3 views

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...

8.5CVSS5.9AI score0.00209EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/27 9:24 a.m.16 views

CVE-2025-14316

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.9AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

MyTube security vulnerability

MyTube is a video self-hosting downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained a security vulnerability, which stemmed from improper permission verification at the database export endpoint. This vulnerability could allow low-privilege users to access...

8.7CVSS5.8AI score0.00317EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 9:40 p.m.2 views

CVE-2025-14750 External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...

8.7CVSS5.9AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.14 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS5.4AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 6:16 a.m.6 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 6:0 a.m.4 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS5.4AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.6 views

PT-2026-3540

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

5.4AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 12:16 a.m.6 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS0.00309EPSS
Exploits1References4
OSV
OSV
added 2026/01/16 12:16 a.m.4 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/01/16 12:16 a.m.8 views

UBUNTU-CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

8.4CVSS5.7AI score0.00309EPSS
Exploits1References6
Rows per page
Query Builder