Lucene search
+L

22 matches found

ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.14 views

PT-2026-52612

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.2.5 Description An unauthenticated arbitrary file upload issue exists when storageType is set to local. This allows attackers to use path traversal—a technique used to access files and directories outside the intend...

9.3CVSS6.5AI score0.00611EPSS
Exploits1References7
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.14 views

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS5.8AI score0.00391EPSS
Exploits0References1
cve
cve
added 2026/03/06 4:27 a.m.40 views

CVE-2026-28785

Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2Affected Software1
circl
circl
added 2026/01/22 5:46 p.m.11 views

CVE-2026-22426

creationtimestamp| type| source ---|---|--- 2026-01-22 17:46:11+00:00| seen| https://gist.github.com/Darkcrai86/1dd9289803bef694101f7f5241b901ce...

5.4CVSS5AI score0.00229EPSS
Exploits0References1
euvd
euvd
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202301

Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245...

8.8CVSS6.5AI score0.00148EPSS
Exploits0References2
nvd
nvd
added 2025/10/29 9:15 a.m.6 views

CVE-2025-64289

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.5...

5.9CVSS0.00166EPSS
Exploits0References1
cve
cve
added 2025/10/29 8:38 a.m.18 views

CVE-2025-64290

CVE-2025-64290 is a CSRF vulnerability in the WordPress plugin Premmerce Product Search for WooCommerce (premmerce-search), affecting versions up to 2.2.4. The issue is described as Cross-Site Request Forgery that could allow an attacker to perform actions on behalf of an authenticated user. The ...

4.3CVSS6.5AI score0.00117EPSS
Exploits0References1
nessus
nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director = 18.2 = 18.2 but prior to 21.1.0, 20.0.6...

9.8CVSS8.2AI score0.01996EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/05/23 12:19 a.m.8 views

CVE-2022-45969

Alist v3.4.0 is vulnerable to Directory Traversal,...

9.8CVSS6.7AI score0.01175EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 11:40 p.m.7 views

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.2AI score0.00692EPSS
Exploits0References1
exploitdb
exploitdb
added 2025/04/16 12:0 a.m.315 views

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...

9.8CVSS9.2AI score0.99984EPSS
Exploits25
nessus
nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-24805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...

8.8CVSS7.4AI score0.01299EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/02/05 9:38 p.m.13 views

CVE-2022-24897

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...

7.5CVSS6.5AI score0.01476EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/01/07 12:0 a.m.9 views

PT-2025-3698 · Siwx91X · Siwx91X

Name of the Vulnerable Software and Affected Versions: SiWx91x devices affected versions not specified Description: The issue is related to the SHA2/224 algorithm, which returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, causing a Denial of...

7.5CVSS7AI score0.00417EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/11/01 12:0 a.m.10 views

PT-2024-30423 · Unknown · Clearfy Cache

Name of the Vulnerable Software and Affected Versions: Clearfy Cache versions 2.2.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Clearfy Cache versions...

5.4CVSS6.5AI score0.00309EPSS
Exploits0References3
susecve
susecve
added 2024/04/15 11:12 p.m.4 views

SUSE CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

4.2CVSS7.1AI score0.00851EPSS
Exploits1References5
circl
circl
added 2022/07/01 8:42 p.m.6 views

CVE-2022-2244

creationtimestamp| type| source ---|---|--- 2022-07-01 20:42:50+00:00| seen| https://t.me/cibsecurity/45488...

4.3CVSS4.6AI score0.00786EPSS
Exploits0References1
circl
circl
added 2022/04/06 7:11 a.m.17 views

CVE-2022-24787

creationtimestamp| type| source ---|---|--- 2022-04-06 07:11:50+00:00| seen| https://t.me/cibsecurity/40110...

7.5CVSS7.3AI score0.0097EPSS
Exploits0References1
redhat
redhat
added 2021/03/30 4:22 a.m.4 views

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

6.5CVSS7.3AI score0.02689EPSS
Exploits0References5
osv
osv
added 2019/01/16 7:30 p.m.4 views

UBUNTU-CVE-2019-2556

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References3
Rows per page
Query Builder