
7 matches found

OSV
added 2026/04/29 8:33 p.m. · 9 views

GHSA-MPFM-FPGX-647Q CKAN has no certificate validation on SMTP connection

Impact: Configured SMTP server may be spoofed with any certificate, e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. Patches: The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...

8.7 CVSS · 5.7 AI score · 0.00194 EPSS
Exploits 0 · References 5
OSV
added 2025/03/26 5:15 p.m. · 3 views

DEBIAN-CVE-2025-30164

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

6.1 CVSS · 5.3 AI score · 0.00249 EPSS
Exploits 0 · References 1
OSV
added 2025/03/26 3:16 p.m. · 3 views

DEBIAN-CVE-2025-27404

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary JavaScript into Icinga Web and to act on behalf of tha...

6.1 CVSS · 5.7 AI score · 0.00561 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/03/26 12:0 a.m. · 4 views

PT-2025-12974 · Icinga +1 · Icinga Web 2 +1

Name of the Vulnerable Software and Affected Versions:
Icinga Web 2 versions prior to 2.11.5
Icinga Web 2 versions prior to 2.12.13

Description: A vulnerability in Icinga Web 2 allows an attacker to craft a request that embeds arbitrary JavaScript into the interface, enabling them to act on behal...

7.6 CVSS · 6.2 AI score · 0.00561 EPSS
Exploits 0 · References 21
CNNVD
added 2025/03/26 12:0 a.m. · 4 views

Icinga Web 2 cross-site scripting vulnerability

Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary JavaScript that could lead to user identity impersonation...

7.6 CVSS · 5.8 AI score · 0.00306 EPSS
Exploits 0 · References 3
OSV
added 2024/01/19 8:15 p.m. · 2 views

DEBIAN-CVE-2024-22211

FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A...

9.8 CVSS · 7.1 AI score · 0.01085 EPSS
Exploits 1 · References 1
CNNVD
added 2023/06/30 12:0 a.m. · 3 views

Joplin cross-site scripting vulnerability

Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin versions prior to 2.11.5, which stems from a cross-site scripting (XSS) attack via image-mapped AREA elements...

6.1 CVSS · 5.8 AI score · 0.00486 EPSS
Exploits 0 · References 4