Lucene search
+L

98 matches found

Cvelist
Cvelist
added 2025/08/20 12:53 p.m.12 views

CVE-2025-54175 Reflected Cross-Site Scripting in QuickCMS.EXT

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...

4.6CVSS0.00215EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-36674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypa...

5.3CVSS6.1AI score0.00737EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:3 a.m.6 views

CVE-2018-9379

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/14 12:0 a.m.6 views

PT-2025-19322

Name of the Vulnerable Software and Affected Versions Synology Router Manager SRM affected versions not specified FileStation affected versions not specified Description A security issue exists in Synology Router Manager SRM related to insufficient protection of service data. Remote attackers may...

5.5CVSS6.2AI score0.00359EPSS
Exploits0References8
OSV
OSV
added 2025/02/12 8:15 a.m.7 views

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

9.8CVSS6.3AI score0.0066EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.6 views

XunRuiCMS 代码问题漏洞

XunRuiCMS XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code issue vulnerability exists in XunRuiCMS version 4.6.4 and prior versions, which stems from a deserialization issue contained in the thumb parameter of /Control/Api/Api.php...

9.8CVSS6.7AI score0.0066EPSS
Exploits0References4
OSV
OSV
added 2025/01/17 11:15 p.m.4 views

CVE-2018-9379

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00099EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/06/21 3:52 a.m.4 views

SUSE CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

5.5CVSS7.5AI score0.00238EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.5 views

MajorDoMo 安全漏洞

MajorDoMo is an open source DIY smart home automation platform from the MajorDoMo community. A security vulnerability exists in versions prior to MajorDoMo v.0662e5e. An attacker exploited the vulnerability to escalate privileges via the thumb/thumb.php component...

7.1CVSS7AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2024/03/26 4:15 p.m.7 views

CVE-2024-29810

The thumburl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumburl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

5.4CVSS5.8AI score0.00415EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.7 views

PT-2024-23056 · WordPress · Admin-Ajax.Php

Name of the Vulnerable Software and Affected Versions: admin-ajax.php affected versions not specified Description: The issue concerns a reflected Cross Site Scripting vulnerability in the thumb url parameter of the AJAX call to the editimage bwg action of admin-ajax.php. This allows an attacker t...

5.4CVSS9AI score0.00415EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2023/12/25 12:0 a.m.11 views

The vulnerability of the implementation of the thumb.php script module on the thumb platform for creating the “Smart Home” MajorDoMo system allows a violator to execute arbitrary commands.

The vulnerability of the thumb.php script implementation in the thumb module of the “Smart Home” MajorDoMo platform is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8.1AI score0.38263EPSS
Exploits6References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/15 5:15 p.m.3 views

CVE-2023-50917

MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...

9.8CVSS6AI score0.38263EPSS
Exploits6References8
Positive Technologies
Positive Technologies
added 2023/10/28 12:0 a.m.3 views

PT-2023-7967 · Majordomo · Majordomo

Name of the Vulnerable Software and Affected Versions: MajorDoMo version before 0662e5e Description: The issue is related to the thumb.php module in MajorDoMo, which allows command execution via shell metacharacters. This can be exploited by a remote attacker to execute arbitrary commands. The...

10CVSS9.5AI score0.38263EPSS
Exploits6References24
ATTACKERKB
ATTACKERKB
added 2023/08/20 6:15 p.m.6 views

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

5.3CVSS6AI score0.00737EPSS
Exploits0References8
OSV
OSV
added 2023/08/20 6:15 p.m.1 views

DEBIAN-CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

5.3CVSS5.5AI score0.00737EPSS
Exploits0References1
OSV
OSV
added 2023/08/20 6:15 p.m.13 views

UBUNTU-CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

5.3CVSS5.8AI score0.00737EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/05 12:0 a.m.6 views

PT-2023-25673 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.11 MediaWiki versions 1.36.x through 1.38.x before 1.38.7 MediaWiki versions 1.39.x before 1.39.4 MediaWiki versions 1.40.x before 1.40.1 Description: An issue was discovered in MediaWiki. It is possible to...

9.8CVSS6AI score0.22699EPSS
Exploits27References120
Tenable Nessus
Tenable Nessus
added 2023/07/01 12:0 a.m.44 views

FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...

7.5CVSS6AI score0.01216EPSS
Exploits1References5
Talos Blog
Talos Blog
added 2023/01/26 11:15 p.m.20 views

What Old is New Again and What's Old is Me?

Welcome to this weeks edition of the Threat Source newsletter. Whats old is new again and whats old is still old. The fact that we are seeing a comeback of this USB thumb drive nonsense is giving me heartburn, and a headache, and my left eye is twitching … and maybe numbness in my legs? Yes, I am...

7.8AI score
Exploits0
Rows per page
Query Builder