Lucene search
+L

106 matches found

github
github
added 2026/01/21 6:30 p.m.14 views

phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

6.3AI score0.00262EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/01/13 12:59 p.m.25 views

CVE-2025-13774 SQL injection leading to privilege escalation in Progress Flowmon ADS

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands...

8.8CVSS0.00423EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/13 12:0 a.m.6 views

Progress Flowmon ADS SQL注入漏洞

Progress Flowmon ADS is a network traffic analysis and anomaly detection system from Progress, Inc. A SQL injection vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and prior to 13.0.1, which stems from an SQL injection that could lead to the execution of unexpected SQL queri...

8.8CVSS6AI score0.00423EPSS
Exploits0References1
cve
cve
added 2025/12/18 7:53 p.m.13 views

CVE-2024-58321

CVE-2024-58321 is a stored XSS vulnerability in Kentico Xperience introduced via form validation rule configuration. Affected components are Kentico Xperience ASP.NET Core WebApp and ASP.NET MVC5 Libraries (as referenced in Snyk and CVE records). The underlying issue is insufficient encoding of v...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
cve
cve
added 2025/12/12 3:20 a.m.28 views

CVE-2025-14166

CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...

5.3CVSS7.1AI score0.00407EPSS
Exploits0References6
euvd
euvd
added 2025/11/21 5:55 p.m.3 views

EUVD-2025-198510

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...

5.3CVSS6.2AI score0.00228EPSS
Exploits0References1
cve
cve
added 2025/11/21 5:55 p.m.12 views

CVE-2025-64483

CVE-2025-64483 affects Wazuh (4.9.0–before 4.13.0) via the Wazuh API – Agent Configuration endpoint. In certain configurations, authenticated users with read-only API roles could retrieve agent enrollment credentials through the /utils/configuration endpoint, enabling registration of new agents w...

5.3CVSS6.3AI score0.00228EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/11/21 12:0 a.m.7 views

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.13.0 that originates from an authenticated attacker w...

9.1CVSS7.9AI score0.00703EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/11/20 12:47 p.m.3 views

CVE-2025-41074 Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which ca...

6.9CVSS6.3AI score0.00279EPSS
Exploits0References1
patchstack
patchstack
added 2025/11/18 11:53 p.m.8 views

WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability

WordPress GiveWP - Donation plugin and Fundraising Platform plugin = 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability discovered by shark3y in WordPress Plugin GiveWP versions = 4.13.0...

7.2CVSS5.8AI score0.00222EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/11/14 10:1 p.m.13 views

CVE-2025-64748

Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...

6.5CVSS7.1AI score0.0027EPSS
Exploits0References1
osv
osv
added 2025/11/13 9:13 p.m.6 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS5.9AI score0.00241EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2025/11/13 12:0 a.m.15 views

PT-2025-46911

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...

4.6CVSS6.5AI score0.00187EPSS
Exploits1References9
nessus
nessus
added 2025/11/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-13013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and...

6.1CVSS6.4AI score0.00198EPSS
Exploits0References3
patchstack
patchstack
added 2025/11/09 3:33 p.m.7 views

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Seriously Simple Podcasting versions = 3.13.0...

5.3CVSS7AI score0.00221EPSS
Exploits0Affected Software1
nvd
nvd
added 2025/10/29 5:15 p.m.6 views

CVE-2025-60595

SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...

8.2CVSS0.00291EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/29 12:0 a.m.5 views

SPH Engineering UgCS 安全漏洞

SPH Engineering UgCS is a UAV mission planning and flight control software from the Latvian company SPH. A security vulnerability exists in SPH Engineering UgCS version 5.13.0, which originates from a vulnerability that could lead to arbitrary code execution...

8.2CVSS7.5AI score0.00291EPSS
Exploits0References3
cve
cve
added 2025/10/29 12:0 a.m.19 views

CVE-2025-60595

CVE-2025-60595 affects SPH Engineering UgCS 5.13.0 and enables arbitrary code execution. The included metrics indicate a network-exposed, low-Complexity attack with no privileges required and no user interaction, resulting in high integrity impact and low confidentiality impact. The sources confi...

8.2CVSS7.2AI score0.00291EPSS
Exploits0References2
osv
osv
added 2025/10/28 9:34 p.m.6 views

CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

5.3CVSS6.4AI score0.0025EPSS
Exploits1References3
cvelist
cvelist
added 2025/10/28 9:34 p.m.11 views

CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

5.3CVSS0.0025EPSS
Exploits1References1
Rows per page
Query Builder