Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.21 views

PT-2026-33415

Name of the Vulnerable Software and Affected Versions Canto plugin for WordPress versions prior to 3.1.2 Description Missing authorization occurs due to the absence of capability checks or nonce verification in the updateOptions function. This function is exposed via two AJAX hooks: 'wp ajax...

4.3CVSS5.2AI score0.00282EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28816

Malicious code in bioql PyPI...

5.1CVSS4.8AI score0.00268EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/21 12:15 p.m.17 views

CVE-2025-9137

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

5.1CVSS6.6AI score0.00268EPSS
Exploits1References1
NVD
NVD
added 2025/08/19 1:15 p.m.7 views

CVE-2025-9137

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

5.1CVSS0.00268EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/08/19 12:2 p.m.4 views

CVE-2025-9137 Scada-LTS scheduled_events.shtm cross site scripting

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

5.1CVSS4AI score0.00268EPSS
Exploits1References5
CVE
CVE
added 2025/08/19 12:2 p.m.28 views

CVE-2025-9137

CVE-2025-9137 affects Scada-LTS 2.7.8.1 and involves cross-site scripting via manipulation of the alias parameter in the scheduled_events.shtm file. The vulnerability is exploitable remotely; multiple sources describe an admin-permission requirement and note that an admin user can inject HTML/JS ...

5.1CVSS4AI score0.00268EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2025/08/19 12:2 p.m.15 views

CVE-2025-9137 Scada-LTS scheduled_events.shtm cross site scripting

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

5.1CVSS0.00268EPSS
Exploits1References5
OSV
OSV
added 2025/08/19 12:2 p.m.6 views

CVE-2025-9137 Scada-LTS scheduled_events.shtm cross site scripting

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

5.1CVSS4AI score0.00268EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.5 views

Scada-LTS 代码注入漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which stems from improper manipulation of the alias parameter in the scheduledevents.shtm file, which could lead to a cross-site scriptin...

5.1CVSS6.6AI score0.00268EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.8 views

PT-2025-33722 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A cross-site scripting issue exists due to manipulation of the alias argument within the scheduled events.shtm file. The attack can be executed remotely. The vendor states that exploitation likely requir...

5.1CVSS3.7AI score0.00268EPSS
Exploits1References12
BDU FSTEC
BDU FSTEC
added 2015/08/07 12:0 a.m.5 views

The vulnerability of the Moodle learning management system allows a hacker to view protected information about scheduled events.

The vulnerability of the calendar/externallib.php component in the Moodle learning management system is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to access sensitive information about scheduled events...

4CVSS5.4AI score0.01687EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder