Lucene search
+L

163 matches found

cnnvd
cnnvd
added 2025/12/12 12:0 a.m.5 views

Japan Total System多款产品 跨站请求伪造漏洞

Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site request forgery vulnerability exists in various Japan Total System products, which stems from a cross-site request forgery issue that could lead to the...

5.1CVSS4.9AI score0.00109EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/12/11 12:0 a.m.5 views

PT-2025-50603

Name of the Vulnerable Software and Affected Versions Aksis Computer Services and Consulting Inc. AxOnboard versions 3.2.0 through 3.2.9 Description A flaw exists in Aksis Computer Services and Consulting Inc. AxOnboard that permits an authorization bypass through the manipulation of...

7.6CVSS5.4AI score0.00207EPSS
Exploits0References8
cve
cve
added 2025/12/09 2:52 p.m.12 views

CVE-2025-49350

The CVE-2025-49350 entry concerns the WordPress Actionwear products sync plugin (versions up to 2.3.3). The root cause is a missing authorization due to incorrectly configured access control, leading to a broken access control vulnerability. Affected software is the Actionwear products sync plugi...

4.3CVSS6.6AI score0.00328EPSS
Exploits0References1
patchstack
patchstack
added 2025/12/06 11:48 p.m.8 views

WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Thim Elementor Kit versions = 1.3.3...

4.3CVSS7AI score0.00177EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2025/12/06 10:6 p.m.6 views

WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Actionwear products sync versions = 2.3.3...

4.3CVSS7AI score0.00328EPSS
Exploits0Affected Software1
nessus
nessus
added 2025/11/14 12:0 a.m.3 views

Fedora 41 : runc (2025-6924245627)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6924245627 advisory. Update to release v1.3.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

7.5CVSS7.2AI score0.00626EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/12 12:0 a.m.4 views

WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

4.3CVSS6AI score0.00252EPSS
Exploits0References5
patchstack
patchstack
added 2025/10/20 6:47 p.m.6 views

WordPress ACF to REST API plugin <= 3.3.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mohamad Fattyr in WordPress Plugin ACF to REST API versions = 3.3.4...

5.3CVSS7AI score0.00223EPSS
Exploits0Affected Software1
nessus
nessus
added 2025/10/15 12:0 a.m.6 views

Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted w...

5.5CVSS7.2AI score0.00457EPSS
Exploits1References4
wolfi
wolfi
added 2025/10/09 2:47 p.m.10 views

GHSA-W9PC-FMGC-VXVW vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.2-rack, logstash, ruby3.4-rack, ruby3.3-rails, ruby3.4-rails, ruby3.3-rack, ruby4.0-rack, gitlab-cng...

6.1AI score
Exploits0
cvelist
cvelist
added 2025/09/26 9:5 a.m.8 views

CVE-2025-7691 Privilege Defined With Unsafe Actions in GitLab

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...

6.5CVSS0.00347EPSS
Exploits0References2
cve
cve
added 2025/09/26 9:4 a.m.23 views

CVE-2025-10858

GitLab CE/EE vulnerable to unauthenticated DoS when uploading specially crafted large JSON files. Affected branches: all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Impact is Denial of Service (availability impact). CVSS 3.1 base score 7.5 (HIGH) with network attack vector...

7.5CVSS6.5AI score0.00559EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2025/09/23 9:15 a.m.5 views

CVE-2025-9798

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...

8.9CVSS0.00252EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/23 8:44 a.m.3 views

CVE-2025-9798 Stored XSS in Netcad Software's Netigma

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...

8.9CVSS5.4AI score0.00252EPSS
Exploits0References2
snyk
snyk
added 2025/09/03 3:30 p.m.5 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Git URL field form validation process. An attacker can determine the existence of...

5.3CVSS7AI score0.00288EPSS
Exploits0References2
ncsc
ncsc
added 2025/07/23 7:46 a.m.6 views

Vulnerabilities fixed in Cisco ISE and ISE-PIC

Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...

10CVSS8.1AI score0.96732EPSS
Exploits12References1
osv
osv
added 2025/06/29 9:15 a.m.4 views

USN-8478-1 ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. CVE-2026-42246 It was discovered that Ruby's...

9.8CVSS6AI score0.00429EPSS
Exploits0References4
snyk
snyk
added 2025/06/26 2:46 p.m.4 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...

6.8CVSS6.8AI score0.00195EPSS
Exploits1References2
nvd
nvd
added 2025/06/09 4:15 p.m.7 views

CVE-2025-31920

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through = 4.3.3...

8.5CVSS0.00329EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/06/06 12:0 a.m.5 views

WordPress plugin Everest Backup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

4.3CVSS4.9AI score0.0014EPSS
Exploits0References1
Rows per page
Query Builder