Lucene search
K

25 matches found

EUVD
EUVD
added 2026/05/10 11:30 p.m.31 views

EUVD-2026-29008

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 2:15 a.m.22 views

CVE-2026-8221

Dev s Palace ERP Online (versions up to 4.0.0) is affected by a cross-site scripting flaw in the /inventory/item-save function. The issue stems from a manipulation that enables XSS, with remote exploitation possible and an exploit published. The records indicate the vendor was contacted but did n...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

CoolerControl 访问控制错误漏洞

CoolerControl is an open-source control software for cooling devices developed by CoolerControl. Versions of CoolerControl prior to 4.0.0 contained a access control vulnerability. This vulnerability stemmed from unvalidated functions, which could allow unauthenticated attackers to view and modify...

9.1CVSS5.8AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29611

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

9.1CVSS5.9AI score0.00426EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions of Mbed TLS from 3.5.0 to 4.0.0 contain security vulnerabilities, which stem from the potential for client impersonation when restoring TLS 1.3 sessions...

9.1CVSS5.8AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/28 12:30 p.m.3 views

EUVD-2025-205508

A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...

6.5CVSS6.2AI score0.00289EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.11 views

WordPress plugin Include Fussball.de Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References3
NVD
NVD
added 2025/10/22 3:16 p.m.10 views

CVE-2025-62013

Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through = 4.0.0...

4.3CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2023-36820

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.00366EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-45480

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:38 p.m.8 views

CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

6.1CVSS7.2AI score0.02881EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 4:26 p.m.75 views

CVE-2025-1647

CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....

5.6CVSS5.5AI score0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/17 5:36 a.m.15 views

CVE-2024-54125

Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...

3.3CVSS0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.5 views

PT-2024-39524 · Express · Express

Name of the Vulnerable Software and Affected Versions: Express versions 3.4.5 through 4.0.0 Description: This issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, affecting the use of the Express Response object. Recommendations: For Express...

4.7CVSS6.8AI score0.00422EPSS
Exploits0References11
OSV
OSV
added 2024/06/09 11:15 a.m.3 views

CVE-2024-30481

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/05/03 9:30 a.m.33 views

Apache Hive Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

6.6CVSS6.9AI score0.01103EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-19098 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows an adjacent attacker to execute arbitrary code in any apps through use after free. Recommendations: For OpenHarmony versions prior to 4.0.0, update to a version 4.0.0 or later ...

8.8CVSS8.1AI score0.00401EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-19088 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows a local attacker to cause a heap overflow through an integer overflow. Recommendations: For versions prior to 4.0.0, update to a version that contains a fix for this issue. At...

7.8CVSS7AI score0.0018EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.5 views

PT-2023-32590 · 52North · 52North Wps

Name of the Vulnerable Software and Affected Versions: 52North WPS versions prior to 4.0.0-beta.11 Description: An XXE XML External Entity vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP...

7.5CVSS7.3AI score0.00628EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/08/28 12:0 a.m.7 views

PT-2023-27056 · Unknown · Tvcmsvideotab

Name of the Vulnerable Software and Affected Versions: theme volty tvcmsvideotab versions up to 4.0.0 Description: The issue is a SQL injection vulnerability. It occurs via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run. Recommendations: For versions up to 4.0.0, as a temporar...

9.8CVSS9.6AI score0.00519EPSS
Exploits0References7
Rows per page
Query Builder