12640 matches found

Exploit DB
added 2025/07/22 12:00 a.m. · 247 views

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function

Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via the Chat Transfer Function
Date: 09/06/2025
Exploit Author: Manojkumar J TheWhiteEvil
Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/
Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/
Software...

CVSS 5.4 · AI score 7.4 · EPSS 0.00872
Exploits 4
OSV
added 2025/07/21 7:15 p.m. · 7 views

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVSS 5.4 · AI score 5.2 · EPSS 0.00872
Exploits 4 · References 3
OSV
added 2025/07/21 6:15 p.m. · 1 view

UBUNTU-CVE-2025-7962

In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

CVSS 7.5 · AI score 6.6 · EPSS 0.00756
Exploits 0 · References 3
OSV
added 2025/07/21 3:15 p.m. · 3 views

CVE-2025-46118

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary...

CVSS 5.3 · AI score 6 · EPSS 0.00501
Exploits 1 · References 2
RedhatCVE
added 2025/07/21 5:44 a.m. · 10 views

CVE-2025-29757

An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account...

CVSS 9.4 · AI score 6.2 · EPSS 0.00376
Exploits 0 · References 1
Vulnrichment
added 2025/07/21 12:00 a.m. · 4 views

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

AI score 5.3 · EPSS 0.00872
Exploits 4 · References 3
CNNVD
added 2025/07/21 12:00 a.m. · 2 views

live helper chat security vulnerability

live helper chat is an open source plugin from an individual developer that supports online chat. It provides chat functionality for web platforms. A security vulnerability exists in live helper chat version v4.60, which stems from insufficient validation of the operator name parameter input in t...

CVSS 5.4 · AI score 5.7 · EPSS 0.00872
Exploits 4 · References 5
Cvelist
added 2025/07/21 12:00 a.m. · 11 views

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

EPSS 0.00872
Exploits 4 · References 3
BDU FSTEC
added 2025/07/21 12:00 a.m. · 5 views

The vulnerability of the Wing FTP server, related to improper checking of the value of the session cookie file UID, allows a hacker to disclose protected information.

The vulnerability of the Wing FTP server is related to improper checking of the value of the session cookie file UID at the /loginok.html endpoint. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information...

CVSS 4.3 · AI score 8 · EPSS 0.56366
Exploits 3 · References 5 · Affected Software 1
The Hacker News
added 2025/07/20 7:35 a.m. · 13 views

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS...

CVSS 10 · AI score 8.5 · EPSS 0.99963
Exploits 47
NVD
added 2025/07/19 6:15 a.m. · 6 views

CVE-2025-29757

An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account...

CVSS 9.4 · EPSS 0.00376
Exploits 0 · References 4
Vulnrichment
added 2025/07/19 5:15 a.m. · 2 views

CVE-2025-29757

An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account...

CVSS 9.4 · AI score 6.1 · EPSS 0.00376
Exploits 0 · References 4
Cvelist
added 2025/07/19 5:15 a.m. · 5 views

CVE-2025-29757

An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account...

CVSS 9.4 · EPSS 0.00376
Exploits 0 · References 4
CVE
added 2025/07/19 5:15 a.m. · 25 views

CVE-2025-29757

CVE-2025-29757 involves an incorrect authorization check in the Growatt cloud service’s plant transfer function. The vulnerability allows a malicious user with a valid account to transfer any plant into their own account, due to insufficient access control. Affected component: Growatt cloud servi...

CVSS 9.4 · AI score 6.9 · EPSS 0.00376
Exploits 0 · References 4
Positive Technologies
added 2025/07/19 12:00 a.m. · 3 views

PT-2025-30116 · Growatt · Growatt Cloud Service

Name of the Vulnerable Software and Affected Versions: Growatt cloud service, affected versions not specified
Description: An incorrect authorisation check exists in the 'plant transfer' function. This allows a malicious attacker with a valid account to transfer any plant into their account...

CVSS 9.4 · AI score 6 · EPSS 0.00376
Exploits 0 · References 9
OSV
added 2025/07/18 2:48 p.m. · 5 views

OESA-2025-1843 cpp-httplib security update

A C++11 single-file header-only cross-platform HTTP/HTTPS library. It's extremely easy to set up: just include the httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using transfer code:...

CVSS 7.5 · AI score 6.8 · EPSS 0.00505
Exploits 1 · References 2
OSV
added 2025/07/18 2:48 p.m. · 5 views

OESA-2025-1840 cpp-httplib security update

A C++11 single-file header-only cross-platform HTTP/HTTPS library. It's extremely easy to set up: just include the httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using transfer code:...

CVSS 7.5 · AI score 6.8 · EPSS 0.00505
Exploits 1 · References 2
BDU FSTEC
added 2025/07/18 12:00 a.m. · 7 views

The vulnerability of the Native Image component in the Oracle GraalVM for JDK virtual machine allows a hacker to trigger a service failure.

The vulnerability of the Native Image component in the Oracle GraalVM for JDK lies in the insecure management of privileges. Exploiting this vulnerability allows a malicious actor to trigger a service failure using the HTTP protocol...

CVSS 3.7 · AI score 7.2 · EPSS 0.00299
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2025/07/18 12:00 a.m. · 4 views

Apache Tomcat Resource Management Error Vulnerability (CNVD-2025-16618)

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States), used to implement Servlet and JavaServer Pages (JSP) support. Apache Tomcat has a resource management error vulnerability that originates from an HTTP/2 client not acknowledging the initial setu...

CVSS 7.5 · AI score 6.8 · EPSS 0.01898
Exploits 0 · References 1
RedHat Linux
added 2025/07/17 9:35 a.m. · 6 views

kernel: net: atm: fix use after free in lec_send()

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send(). The ->send operation frees skb, so save the length before calling ->send to avoid a use after free...

CVSS 7.8 · AI score 6.8 · EPSS 0.00181
Exploits 0 · References 5