Lucene search
K

27 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52386

Name of the Vulnerable Software and Affected Versions MainWP Child versions prior to 6.1.2 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/01/31 2:22 p.m.28 views

CVE-2026-1165

CVE-2026-1165 affects Popup Box for WordPress up to version 6.1.1. The vulnerability is a Cross-Site Request Forgery due to a flawed nonce implementation in publish_unpublish_popupbox that validates a self-created nonce instead of the request nonce, enabling unauthenticated attackers to change po...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References4
NVD
NVD
added 2026/01/11 1:15 p.m.18 views

CVE-2025-68493

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

8.1CVSS0.23054EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/05 10:58 p.m.5 views

EUVD-2025-206236

vega-functions vulnerable to Cross-site Scripting via setdata function...

7.2CVSS6AI score0.00184EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/05 9:33 p.m.2 views

CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

7.2CVSS6.3AI score0.00184EPSS
Exploits1References1
CVE
CVE
added 2025/12/18 7:21 a.m.6 views

CVE-2025-54745

CVE-2025-54745 concerns a Missing Authorization vulnerability in miniOrange’s Google Authenticator WordPress plugin (miniorange-2-factor-authentication) up to version 6.1.1. Connected sources confirm a Broken Access Control/Incorrectly Configured Access Control vulnerability affecting the plugin ...

6.5CVSS6.6AI score0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:21 a.m.24 views

CVE-2025-54745 WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...

6.5CVSS0.00273EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/11/14 10:3 p.m.5 views

CVE-2025-39841 affecting package kernel for versions less than 6.6.112.1-1

CVE-2025-39841 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...

7.8CVSS6.8AI score0.00167EPSS
Exploits0
OSV
OSV
added 2025/11/14 6:15 p.m.8 views

CVE-2025-54560

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure...

3.8CVSS5.7AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.9 views

PT-2025-46987

Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A flaw exists in the Application Server of Desktop Alert PingAlert that can lead to the disclosure of technical information via stack traces. Recommendations Update to a...

4.3CVSS6.2AI score0.00199EPSS
Exploits0References5
OSV
OSV
added 2025/06/30 8:15 a.m.12 views

AZL-64395 CVE-2025-38087 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...

7.8CVSS6.3AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.8 views

CVE-2017-11197

In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option...

7.8CVSS7.4AI score0.00985EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.5 views

DTEX DEC-M 安全漏洞

DTEX DEC-M is a unified internal risk management platform from DTEX Corporation. A security vulnerability exists in DTEX DEC-M version 6.1.1, which stems from a lack of proper logical validation, and allows an attacker to elevate privileges to root via an unauthorized client connection using the...

8.8CVSS6.7AI score0.00979EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/03 12:0 a.m.6 views

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg n6.1.1, which can be exploited by a remote attacker to submit a special file and trick the user into parsing it, which can crash the...

6.2CVSS7.1AI score0.00271EPSS
Exploits0References5
OSV
OSV
added 2024/12/27 2:15 p.m.11 views

AZL-55715 CVE-2024-53170 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blkmqclearflushrqmapping is not called during scsi probe, by checking blkqueueinitdone. However, QUEUEFLAGINITDONE is cleared in delgendisk by commit aec89dc5d421 "block: keep...

7.8CVSS6.5AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2024/11/29 8:15 p.m.2 views

DEBIAN-CVE-2024-35367

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dspaltivec.c, static const vecs8 hsubpelfiltersouter...

9.1CVSS6.7AI score0.00669EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.5 views

Astra Linux – Vulnerability in ffmpeg

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library, which allows for an integer overflow. This could potentially lead to a denial-of-service DoS attack or other undefined behaviors...

6.2CVSS6.7AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.6 views

RTI Connext Professional 安全漏洞

RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things IIoT. A security vulnerability exists in RTI Connext Professional versions 5.3.1 through prior to 6.1.1, which stems from the presence of a buffer...

7.3CVSS7.5AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/04 12:0 a.m.5 views

PT-2022-7658 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.1 Description: The vulnerability is related to a buffer overflow issue in the vivid component of the Linux kernel. It occurs due to a failure to check boundaries after adjusting the compose height in the V4L...

7.8CVSS6.7AI score0.02701EPSS
Exploits8References923
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.4 views

WordPress plugin Cimy Header Image Rotator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Cimy Header Image Rotator plugin 6.1.1 and earlier versions are vulnerable to cross-site...

4.3CVSS5.4AI score0.00412EPSS
Exploits2References2
Rows per page
Query Builder