Lucene search
K

377 matches found

CVE
CVE
added 2025/11/06 9:50 p.m.19 views

CVE-2024-12125

The CVE-2024-12125 affects the 3scale Developer Portal. The flaw allows account creation or updates where fields configured as read-only or hidden can be modified, exposing restricted information. Root cause: server-side validation does not enforce read-only/hidden constraints on account operatio...

7.5CVSS6.2AI score0.00243EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/11/06 2:27 a.m.6 views

foreman: OS command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

8CVSS6AI score0.00573EPSS
Exploits0References5
NVD
NVD
added 2025/11/05 8:15 a.m.10 views

CVE-2025-10622

A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

8CVSS0.00573EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/05 7:32 a.m.3 views

CVE-2025-10622 Foreman: os command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

8CVSS6.5AI score0.00573EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/05 7:32 a.m.6 views

CVE-2025-10622 Foreman: os command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

8CVSS0.00573EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.6 views

CVE-2025-11890

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...

7.5CVSS6AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.5 views

Red Hat Satellite 安全漏洞

Red Hat Satellite is a suite of system management platforms from Red Hat, an American company. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satelli...

8CVSS6.8AI score0.00573EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.4 views

XiaozhangBang Voluntary Like System 安全漏洞

XiaozhangBang Voluntary Like System is a software program from XiaozhangBang, a Chinese company. A security vulnerability exists in XiaozhangBang Voluntary Like System version V8.8, which stems from insufficient server-side validation of the parameters zhekou and zid in the file /topfirst.php,...

6.5CVSS6.6AI score0.0036EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.6 views

PT-2025-45091

Name of the Vulnerable Software and Affected Versions Red Hat Satellite Foreman component affected versions not specified Description A flaw exists in Red Hat Satellite’s Foreman component that could allow an authenticated user with edit settings permissions to execute arbitrary commands on the...

8CVSS6.9AI score0.00573EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.3 views

PT-2025-45162

Name of the Vulnerable Software and Affected Versions XiaozhangBang Voluntary Like System version 8.8 Description A flaw exists in the XiaozhangBang Voluntary Like System version 8.8 that allows remote attackers to manipulate the zhekou parameter within the /topfirst.php Pay module. By sending a...

6.5CVSS6.4AI score0.0036EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.7 views

PT-2025-44808

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions 2.27.1 and below Description Mantis Bug Tracker is an open source issue tracker. A lack of server-side validation of note length allows attackers to permanently corrupt issue activity logs by submitting extremely lo...

7.5CVSS6.6AI score0.00375EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/11/03 5:7 p.m.6 views

MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters. Once such a note is added: Impact - The entire activity stream becomes unviewable UI fails to render. - New...

7.5CVSS6.8AI score0.00375EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.4 views

PT-2025-41488

Name of the Vulnerable Software and Affected Versions Perfex CRM versions prior to 3.3.1 Description The authentication process in Perfex CRM has a flaw where server-side validation is inadequate. This allows attackers to bypass normal login procedures by submitting empty values for the username...

7.3CVSS6.7AI score0.00263EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-3908

Malware in sbrugna...

6CVSS6.4AI score0.01099EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-7109

Malware in sbrugna...

9.8CVSS9.1AI score0.01805EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-3191

Malware in sbrugna...

6.5CVSS5.9AI score0.00877EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-36212

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00863EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-26118

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7671

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-18191

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder