Lucene search
K

70 matches found

Cvelist
Cvelist
added 2025/11/24 12:0 a.m.9 views

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

0.00155EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 10:15 p.m.2 views

CVE-2025-63645

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...

5.4CVSS5.7AI score0.00197EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/11 4:17 p.m.2 views

CVE-2025-23357

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

7.8CVSS7AI score0.00418EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.6 views

PT-2025-46373

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework contains a flaw in a script that could allow an attacker to manipulate code generation with malicious input. Exploitation of this issue may result in...

7.8CVSS6.5AI score0.00249EPSS
Exploits0References5
CVE
CVE
added 2025/10/13 3:59 a.m.9 views

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious script into an HTTP request, which is reflected in the server’s immediate response and executed in the victim’s browser. The vulnerability is documented across multiple sources (incl...

4.3CVSS5.7AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/11 1:23 a.m.6 views

CVE-2025-11450

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

5.3CVSS6.7AI score0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-14014

Malware in sbrugna...

8.8CVSS8.7AI score0.05089EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-7250

Malware in sbrugna...

9.3CVSS6.4AI score0.09615EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-15563

Malware in sbrugna...

5.9CVSS6AI score0.01589EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: socat (UTSA-2025-986111)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986111 advisory. readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. Tenable has extracted the preceding description block directly from the Unity Linux securit...

9.8CVSS6.8AI score0.008EPSS
Exploits0References4
OSV
OSV
added 2025/09/22 1:15 a.m.5 views

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

7.2CVSS5.6AI score0.20023EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.4 views

Accela Automation Platform 安全漏洞

Accela Automation Platform is an automation platform from Accela Canada. A security vulnerability exists in Accela Automation Platform version 22.2.3.0.230103, which stems from multiple issues with the Test Script functionality, including the ability to execute arbitrary Java code, improper...

9.1CVSS8.2AI score0.00694EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/15 4:32 a.m.12 views

CVE-2025-10426 itsourcecode Online Laundry Management System login.php sql injection

A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been releas...

7.5CVSS0.00387EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/12 7:32 p.m.8 views

CVE-2025-10324 Wavlink WL-WN578W2 firewall.cgi sub_401C5C command injection

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...

7.5CVSS0.08082EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/08 3:32 a.m.3 views

CVE-2025-10081 SourceCodester Pet Management System profile.php unrestricted upload

A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument websiteimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...

5.8CVSS6.2AI score0.00427EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.4 views

CVE-2025-55581

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...

7.3CVSS8.2AI score0.00165EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.9 views

The vulnerability in the pppoe.cgi script of Netgear DGN2200B router software allows a hacker to execute arbitrary commands.

The vulnerability of the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to take measures to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...

9.1CVSS5.9AI score0.04547EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/06/30 12:0 a.m.6 views

Code-Projects Daily Expense Manager SQL注入漏洞

Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...

9.8CVSS7.9AI score0.0029EPSS
Exploits0References1
OSV
OSV
added 2025/02/18 1:15 a.m.4 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/10/22 12:0 a.m.5 views

The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.

The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

8CVSS5.8AI score0.0209EPSS
Exploits0References5
Rows per page
Query Builder