Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13267

Malicious code in bioql PyPI...

6.1CVSS8.9AI score0.14477EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/03 7:15 p.m.17 views

CVE-2025-36558

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS7AI score0.14477EPSS
Exploits0References1
NVD
NVD
added 2025/05/01 7:15 p.m.14 views

CVE-2025-36558

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS0.14477EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 6:44 p.m.32 views

CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS0.14477EPSS
Exploits0References2
CVE
CVE
added 2025/05/01 6:44 p.m.57 views

CVE-2025-36558

KUNBUS Revolution Pi PiCtory (versions 2.11.1 and earlier) is affected by multiple XSS and auth-related CVEs. The core issue is insufficient input sanitization of the sso_token in PiCtory, enabling reflected XSS via the token and stored XSS via crafted filenames; separate authentication bypass vi...

6.1CVSS6.2AI score0.14477EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 6:44 p.m.8 views

CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS6.2AI score0.14477EPSS
Exploits0References2
Rows per page
Query Builder