Lucene search
K

174 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20666

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.0017EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.5 views

Malicious code in kssd-vol2-rev (npm)

The package kssd-vol2-rev was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/05 5:10 p.m.1 views

MAL-2025-44909 Malicious code in kssd-vol2-rev (npm)

The package kssd-vol2-rev was found to contain malicious code...

7AI score
Exploits0
CVE
CVE
added 2025/07/08 5:16 p.m.17 views

CVE-2025-53479

The CVE-2025-53479 entry concerns the MediaWiki CheckUser extension. Affected: Special:CheckUser interface; vulnerable in the rev-deleted-user message where the content is rendered without proper escaping, enabling reflected XSS via the uselang=x-xss language override mechanism. Affected versions...

5.4CVSS5.6AI score0.0017EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.5 views

Wikimedia Mediawiki - CheckUser Extension 安全漏洞

Wikimedia Mediawiki - CheckUser Extension is a Wikimedia Foundation extension for querying IP addresses. A security vulnerability exists in Wikimedia Mediawiki - CheckUser Extension that stems from a rev-deleted-user message that is not properly escaped, which could lead to a reflected cross-site...

5.4CVSS6AI score0.0017EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.7 views

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...

5.4CVSS6AI score0.00406EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.8 views

CVE-2023-46732

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a...

9.6CVSS7.1AI score0.02191EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:21 a.m.6 views

CVE-2005-3778

Unspecified vulnerability in MyBulletinBoard MyBB before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors...

5CVSS6.8AI score0.01027EPSS
Exploits0References1
OSV
OSV
added 2025/02/03 9:22 a.m.5 views

SUSE-SU-2025:20118-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: - Update to 2.90: CVE-2023-50387, CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses bsc1219823, bsc1219826. Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix...

7.5CVSS7AI score0.99995EPSS
Exploits1References7
NVD
NVD
added 2024/12/06 4:15 p.m.19 views

CVE-2024-54136

ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to...

9.8CVSS0.00727EPSS
Exploits1References2
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/11/05 6:35 a.m.13 views

Maritime lawyers assemble!

Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.47 views

WordPress Slider Revolution Plugin <= 6.7.18 is vulnerable to Cross Site Scripting (XSS)

Software Slider Revolution Type Plugin Vulnerable versions = 6.7.18 Fixed in 6.7.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8107 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 36b1d1650d8f Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00304EPSS
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2024/08/24 12:0 a.m.169 views

Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver...

7.4AI score
Exploits0
CVE
CVE
added 2024/07/09 12:0 a.m.52 views

CVE-2024-40038

CVE-2024-40038 affects idccms v1.35. A CSRF vulnerability exists via the endpoint "/admin/userScore_deal.php?mudi=rev". The CVSS 3.1 base score is 5.3 (Medium) with local attack vector, low impact on confidentiality, integrity, and availability, and user interaction required. Impact and root caus...

5.3CVSS7.2AI score0.00173EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/05/30 4:15 p.m.2 views

DEBIAN-CVE-2024-36891

In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...

5.5CVSS5.7AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2024/05/22 1:38 p.m.76 views

CVE-2024-35550

CVE-2024-35550 affects idccms v1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component /admin/infoWeb_deal.php?mudi=rev, enabling unauthorized actions by an authenticated user. CVSS v3.1 base score 6.3 (Network, Low to Medium impact; UI required). No exploit details or pro...

6.3CVSS7.4AI score0.00196EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.5 views

PT-2024-3752 · D Link · D-Link Dir-619L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L Rev.B version 2.06B1 Description: A buffer overflow issue in the /bin/boa via formTcpipSetup function of the D-Link DIR-619L router's firmware allows remote authenticated users to trigger a denial of service DoS through the...

5.7CVSS7.2AI score0.00674EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/03 5:45 p.m.16 views

CVE-2022-48704 drm/radeon: add a force flush to delay work when radeon

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...

6.6AI score0.00238EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.5 views

NEXSYS-ONE 安全漏洞

NEXSYS-ONE is a cloud platform from NEXSYS-ONE, Inc. A security vulnerability exists in versions prior to NEXSYS-ONE Rev. 15320 that stems from the presence of path traversal, which allows a remote attacker to obtain sensitive information...

7.5CVSS6.6AI score0.01072EPSS
Exploits0References4
OSV
OSV
added 2024/03/14 6:37 p.m.26 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.7AI score0.00321EPSS
Exploits1References4
Rows per page
Query Builder