Lucene search
+L

15 matches found

RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.7 views

CVE-2025-34280

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...

8.6CVSS8AI score0.01302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/15 6:43 a.m.3 views

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS4.6AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.10 views

PT-2025-34107 · Undefined · Undefined

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...

9.3CVSS8.1AI score0.02464EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/06/26 4:10 p.m.3 views

CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read

A path traversal vulnerability exists in the Leadsec SSL VPN formerly Lenovo NetGuard, allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...

8.7CVSS9AI score0.00462EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/13 9:38 a.m.7 views

CVE-2025-33024

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.5, RUGGEDCOM ROX MX5000RE All versions V2.16.5, RUGGEDCOM ROX RX1400 All versions V2.16.5, RUGGEDCOM ROX RX1500 All versions V2.16.5, RUGGEDCOM ROX RX1501 All versions V2.16.5, RUGGEDCOM ROX RX1510 All versions V2.16.5...

9.9CVSS9.4AI score0.01168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.4 views

PT-2024-23757 · Motorola · Motorola Guideme

Name of the Vulnerable Software and Affected Versions: Motorola GuideMe affected versions not specified Description: A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, which could allow for a local attacker to read arbitrary...

6.3CVSS6.7AI score0.00283EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/03/12 12:0 a.m.41 views

Debian dla-3359 : libapache2-mod-auth-mellon - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3359 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected]...

6.1CVSS6.9AI score0.01423EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.4 views

SUSE CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

6.5CVSS7.3AI score0.08325EPSS
Exploits1References8
OSV
OSV
added 2022/10/19 6:15 p.m.5 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

8.8CVSS5.8AI score0.00764EPSS
Exploits0References2
OSV
OSV
added 2017/12/20 10:29 p.m.6 views

CVE-2017-5255

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...

8.8CVSS5.8AI score0.74556EPSS
Exploits7References2
Prion
Prion
added 2017/05/12 2:29 p.m.22 views

Design/Logic Flaw

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests...

5CVSS5.2AI score0.03542EPSS
Exploits0References1Affected Software18
OpenVAS
OpenVAS
added 2012/10/03 12:0 a.m.16 views

Gentoo Security Advisory GLSA 201209-16 (sqlalchemy)

The remote host is missing updates announced in advisory GLSA 201209-16. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.4AI score0.02862EPSS
Exploits2
OpenVAS
OpenVAS
added 2010/02/01 12:0 a.m.39 views

Debian: Security Advisory (DSA-1974-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS9AI score0.04774EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2010/01/22 12:0 a.m.32 views

Mandriva Update for gzip MDVSA-2010:020 (gzip)

Check for the Version of gzip OpenVAS Vulnerability Test Mandriva Update for gzip MDVSA-2010:020 gzip Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

6.8CVSS0.6AI score0.04774EPSS
Exploits0References2
OSV
OSV
added 2010/01/20 12:0 a.m.38 views

DSA-1974-1 gzip - arbitrary code execution

Bulletin has no description...

6.8CVSS8.8AI score0.04774EPSS
Exploits1
Rows per page
Query Builder