
3278 matches found

Positive Technologies
added 2025/12/17 12:0 a.m. | 5 views

PT-2025-51965

Name of the Vulnerable Software and Affected Versions: PHPJabbers Simple CMS version 5.0. Description: The software contains a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScri...

CVSS 5.4 | AI score 6.7 | EPSS 0.00233
Exploits: 1 | References: 7

EUVD
added 2025/12/16 3:30 p.m. | 5 views

EUVD-2025-203723

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftrace_module_enable. A soft lockup was observed when loading amdgpu module. If a module has a lot of traceable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and...

AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 6

Cvelist
added 2025/12/16 3:6 p.m. | 25 views

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: lookup hci_conn on RX path on protocol side. The hdev lock/lookup/unlock/use pattern in the packet RX path doesn't ensure hci_conn is not concurrently modified/deleted. This locking appears to be leftover from...

EPSS 0.00145
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/15 1:25 p.m. | 4 views

CVE-2025-6966

A flaw was found in python-apt. This vulnerability allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key. Mitigation: Mitigation for this issue is either not available or the currently available options do not...

CVSS 6.9 | AI score 5.4 | EPSS 0.00122
Exploits: 1 | References: 4

Cvelist
added 2025/12/15 12:0 a.m. | 18 views

CVE-2025-51962

An HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

EPSS 0.00184
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/12 9:16 p.m. | 5 views

CVE-2025-14537

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVSS 9.8 | AI score 6.9 | EPSS 0.0035
Exploits: 1 | References: 1

NVD
added 2025/12/12 5:16 a.m. | 11 views

CVE-2025-66492

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

CVSS 8.2 | EPSS 0.0021
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/12 4:50 a.m. | 5 views

CVE-2025-66492 Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

CVSS 8.2 | AI score 6.3 | EPSS 0.0021
Exploits: 0 | References: 2

CVE
added 2025/12/12 4:50 a.m. | 14 views

CVE-2025-66492

CVE-2025-66492 – Masa CMS : Multiple Masa CMS releases are vulnerable to XSS when an unsanitized value from the ajax URL query parameter is injected into the HTML head. Affected versions include 7.2.8 and earlier, 7.3.1–7.3.13, 7.4.0-alpha.1–7.4.8, and 7.5.0–7.5.1. The issue allows execution of a...

CVSS 8.2 | AI score 6.3 | EPSS 0.0021
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/12/12 4:50 a.m. | 5 views

EUVD-2025-203028

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

CVSS 8.2 | AI score 6.2 | EPSS 0.0021
Exploits: 0 | References: 2

OSV
added 2025/12/12 4:50 a.m. | 6 views

CVE-2025-66492 Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

CVSS 8.2 | AI score 6.6 | EPSS 0.0021
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/12 12:0 a.m. | 6 views

PT-2025-50881

Name of the Vulnerable Software and Affected Versions: Masa CMS versions 7.2.8 and below; Masa CMS versions 7.3.1 through 7.3.13; Masa CMS versions 7.4.0-alpha.1 through 7.4.8; Masa CMS versions 7.5.0 through 7.5.1. Description: Masa CMS, an open source Enterprise Content Management platform, is...

CVSS 8.2 | AI score 5.7 | EPSS 0.0021
Exploits: 0 | References: 5

NVD
added 2025/12/11 9:15 p.m. | 4 views

CVE-2025-14537

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVSS 9.8 | EPSS 0.0035
Exploits: 1 | References: 7

Cvelist
added 2025/12/11 8:32 p.m. | 19 views

CVE-2025-14537 code-projects Class and Exam Timetable Management preview7.php sql injection

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVSS 7.5 | EPSS 0.0035
Exploits: 1 | References: 7

EUVD
added 2025/12/11 8:32 p.m. | 4 views

EUVD-2025-202875

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVSS 7.5 | AI score 6.3 | EPSS 0.0035
Exploits: 1 | References: 8

Github Security Blog
added 2025/12/11 4:48 p.m. | 8 views

quic-go HTTP/3 QPACK Header Expansion DoS

Summary: An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header used on th...

CVSS 5.3 | AI score 6.9 | EPSS 0.00325
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2025/12/11 12:0 a.m. | 3 views

Code-Projects Class and Exam Timetable Management SQL injection vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter courseyearsection/semester in the file...

CVSS 9.8 | AI score 8 | EPSS 0.0035
Exploits: 1 | References: 7

Tenable Nessus
added 2025/12/11 12:0 a.m. | 6 views

EulerOS 2.0 SP11 : binutils (EulerOS-SA-2025-2455)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file...

CVSS 7.8 | AI score 4.9 | EPSS 0.00254
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/10 3:13 p.m. | 4 views

CVE-2025-63033

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS. This issue affects Make Section & Column Clickable For Elementor: from n/a throu...

CVSS 5.9 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 1

EUVD
added 2025/12/09 6:30 p.m. | 4 views

EUVD-2025-201989

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS. This issue affects Make Section & Column Clickable For Elementor: from n/a throu...

AI score 5.5 | EPSS 0.00172
Exploits: 0 | References: 2