Lucene search
K

938 matches found

Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.5 views

PT-2025-39582

Name of the Vulnerable Software and Affected Versions Joovii Sendle Shipping versions through 6.02 Description A Cross-Site Request Forgery CSRF issue exists in Joovii Sendle Shipping. This allows attackers to perform actions on behalf of unsuspecting users. The issue allows Cross Site Request...

4.3CVSS6.3AI score0.00131EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/09/16 7:45 p.m.4 views

CVE-2025-34186

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...

9.8CVSS5.8AI score0.00829EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2025/09/14 6:59 a.m.72 views

CVE

It is an offensive tool for web applications. The repository app...

7.1AI score
Exploits0
CVE
CVE
added 2025/09/10 7:11 p.m.21 views

CVE-2025-43784

CVE-2025-43784 affects Liferay Portal (7.4.0–7.4.3.124) and Liferay DXP (2024.Q2.0–2024.Q2.8, 2024.Q1.1–2024.Q1.12, and 7.4 GA through update 92). Root cause: improper access control allowing guest users to view object entries via API Builder. Impact: exposure of object entries information (confi...

6.5CVSS6AI score0.00238EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.8 views

PT-2025-36440

Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit Core versions 1.0.0 through 2.22.1 Apache Jackrabbit JCR Commons versions 1.0.0 through 2.22.1 Description: This issue involves the deserialization of untrusted data in Apache Jackrabbit Core and Apache Jackrabbit JCR Common...

6.5CVSS7.7AI score0.01286EPSS
Exploits0References29
CVE
CVE
added 2025/09/03 3:2 p.m.20 views

CVE-2025-58460

The CVE concerns the Jenkins OpenTelemetry Plugin (versions up to 3.1543.v8446b_92b_cd64) with a missing permission check. This allows attackers who have Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, enabling capture...

4.2CVSS6.1AI score0.00223EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.3 views

PT-2025-34842 · Print.Pl · Print.Pl

Name of the Vulnerable Software and Affected Versions: Print.pl affected versions not specified Description: The uhcPrintServerPrint function allows execution of arbitrary code via the CopyCounter parameter. Recommendations: At the moment, there is no information about a newer version that contai...

9.4CVSS6.5AI score0.00231EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.3 views

PT-2025-34852 · Uhcrtfdoc · Uhcrtfdoc

Name of the Vulnerable Software and Affected Versions: UHCRTFDoc affected versions not specified Description: The filename parameter in UHCRTFDoc can be exploited to execute arbitrary code through command injection into the system function call within the ConvertToPDF function. Recommendations: A...

9.4CVSS7.2AI score0.00737EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.4 views

PT-2025-34847 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the /cgi-bin/CliniNET.prd/utils/userlogxls.pl endpoint. Recommendations: ...

9.4CVSS5.9AI score0.00231EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.6 views

PT-2025-34857 · Cgm · Cgm Clininet

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The configuration file containing database logins and passwords is readable by any local user. Recommendations: At the moment, there is no information about a...

9.4CVSS5.7AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.6 views

PT-2025-34846 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: Unauthenticated access to the /cgi-bin/CliniNET.prd/GetActiveSessions.pl endpoint allows takeover of any user session logged into the system, including those with administrative privileges...

9.4CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.8 views

PT-2025-34343 · Uniong · Webitr

Name of the Vulnerable Software and Affected Versions: WebITR versions affected versions not specified Description: WebITR developed by Uniong is susceptible to an arbitrary file reading issue. This allows remote attackers with regular privileges to exploit an Absolute Path Traversal flaw to...

7.1CVSS7.1AI score0.00502EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.4 views

PT-2025-34237

Name of the Vulnerable Software and Affected Versions: org.keycloak/keycloak-model-storage-service affected versions not specified Description: A flaw exists in the KeycloakRealmImport custom resource, which substitutes placeholders within imported realm documents, referencing environment...

4.9CVSS4.2AI score0.0046EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-33903 · Six Apart · Movable Type

Name of the Vulnerable Software and Affected Versions: Movable Type affected versions not specified Description: An open redirect issue exists in Movable Type. Exploitation of this issue may allow an attacker to insert an invalid parameter into the password reset page, potentially redirecting use...

5.1CVSS7.1AI score0.0019EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.7 views

PT-2025-33716 · Unknown · Fluke Process Instruments Devices

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An unauthenticated remote attacker can grant access without password protection to the affected device, enabling unprotected read-only access to stored measurement data. Recommendations: At the...

7.5CVSS7.1AI score0.00347EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.5 views

PT-2025-33725 · Lexmark · Lexmark Cloud Services

Name of the Vulnerable Software and Affected Versions: Lexmark Cloud Services affected versions not specified Description: A missing authorization vulnerability in Lexmark Cloud Services badge management allows an attacker to reassign badges within their organization. Recommendations: At the...

8.5CVSS6.8AI score0.00279EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.7 views

PT-2025-33473 · Zte · Zte F50

Name of the Vulnerable Software and Affected Versions: ZTE F50 affected versions not specified Description: An unauthorized access issue exists in ZTE F50 due to improper permission control of the Web module interface. This allows an unauthorized attacker to obtain sensitive information through t...

5.7CVSS5.9AI score0.00244EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in @malware-test-airer-dojos-rabat-mased/test-mlw3-airer-dojos-rabat-mased (npm)

The package @malware-test-airer-dojos-rabat-mased/test-mlw3-airer-dojos-rabat-mased was found to contain malicious code...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.10 views

PT-2025-33397 · WordPress · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder affected versions not specified Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting XSS. Recommendations: At the moment, there is no information about...

6.5CVSS5.7AI score0.00159EPSS
Exploits0References5
Metasploit
Metasploit
added 2025/08/13 6:54 p.m.518 views

Windows Download Execute

Downloads and executes the file from the specified url. Module Options msf use payload/windows/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec run...

5.8AI score
Exploits0
Rows per page
Query Builder