Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7818

Malicious code in bioql PyPI...

8CVSS6.6AI score0.00205EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7685

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/15 2:16 a.m.8 views

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

5.4CVSS5.5AI score0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/15 2:15 a.m.8 views

CVE-2025-27910

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8CVSS8AI score0.00205EPSS
Exploits1References1
NVD
NVD
added 2025/03/10 10:15 p.m.14 views

CVE-2025-27910

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8CVSS0.00205EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/10 12:0 a.m.5 views

CVE-2025-25907

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8.2AI score0.00211EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/10 12:0 a.m.10 views

CVE-2025-27910

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8.2AI score0.00205EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/10 12:0 a.m.16 views

CVE-2025-25907

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

0.00211EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/10 12:0 a.m.15 views

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

0.00252EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/10 12:0 a.m.17 views

CVE-2025-27910

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

0.00205EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/10 12:0 a.m.4 views

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

5.7AI score0.00252EPSS
Exploits1References1
OSV
OSV
added 2025/03/10 12:0 a.m.9 views

CVE-2025-27910

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8CVSS7.9AI score0.00205EPSS
Exploits1References3
CVE
CVE
added 2025/03/10 12:0 a.m.72 views

CVE-2025-27910

CVE-2025-27910 concerns tianti v2.3, which contains a CSRF in the /user/ajax/upd/status handler. The advisory states that an attacker can trigger arbitrary operations by crafting a GET or POST request, with a CVSSv3.1 base score of 8.0 (HIGH) and an attack that is network-based, requires low priv...

8CVSS8.2AI score0.00205EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/10 12:0 a.m.67 views

CVE-2025-25907

CVE-2025-25907 affects the tianti CMS, version 2.3. The issue is a Cross-Site Request Forgery (CSRF) in the component /user/ajax/save that allows an attacker to cause arbitrary operations via a crafted GET or POST request. The primary consequence is unauthorized actions performed with the user’s ...

8.8CVSS8.2AI score0.00211EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder