Lucene search
K

18 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings vulnerability

Admin+ Stored XSS via Remote Storage Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions 2.5.3...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.5 views

JetBrains TeamCity < 2025.11.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains TeamCity before 2025.11.0 Excessive privileges were possible due to storing GitHub personal access token inste...

6.5CVSS6AI score0.00177EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/17 4:4 p.m.6 views

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

6.1CVSS6.3AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 4:16 p.m.2 views

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/12/16 4:16 p.m.7 views

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

6.1CVSS0.00168EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 3:27 p.m.6 views

CVE-2025-68268

CVE-2025-68268 is a reflected XSS vulnerability in JetBrains TeamCity versions before 2025.11.1, specifically on the storage settings page. The connected Nessus advisory corroborates that TeamCity

6.1CVSS5.9AI score0.00168EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/16 3:27 p.m.32 views

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

5.4CVSS0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 3:27 p.m.2 views

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

5.4CVSS5.9AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 3:27 p.m.4 views

EUVD-2025-203762

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.3 views

PT-2025-51719

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page...

5.4CVSS6.3AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-3071

Malware in sbrugna...

6.5CVSS6.4AI score0.03058EPSS
Exploits0References22
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-51694

Malicious code in bioql PyPI...

5.9CVSS9.1AI score0.00451EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/19 2:22 a.m.12 views

CVE-2025-9629

The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the usssettingpage function when processing the ussset form type. This makes it possible for unauthenticated attacker...

4.3CVSS5.4AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2025/09/17 2:15 a.m.4 views

CVE-2025-9629

The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the usssettingpage function when processing the ussset form type. This makes it possible for unauthenticated attacker...

4.3CVSS0.00156EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/17 1:49 a.m.2 views

CVE-2025-9629 USS Upyun <= 1.5.0 - Cross-Site Request Forgery

The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the usssettingpage function when processing the ussset form type. This makes it possible for unauthenticated attacker...

4.3CVSS5.1AI score0.00156EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.7 views

The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar lies in its authentication procedures’ deficiencies, which allow attackers to alter arbitrary storage settings, TTL values, and download configurations.

The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to alter arbitrary storage settings, TTL values, and download configurations...

6.4CVSS6.7AI score0.01701EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2008/07/09 12:41 a.m.17 views

Input validation

Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...

6.5CVSS8.2AI score0.03058EPSS
Exploits0References21Affected Software1
Rows per page
Query Builder