6 matches found

CVE
added 2026/02/24 1:2 a.m. · 18 views

CVE-2026-3050

CVE-2026-3050 affects horilla-opensource horilla CRM up to version 1.0.2, specifically the Leads Module’s static/assets/js/global.js. A flaw in an unknown function allows manipulation of the Notes argument to trigger cross-site scripting (XSS) via a remote attack. An exploit has been published. R...

CVSS: 5.4 | AI score: 3.7 | EPSS: 0.00216
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2026/02/24 1:2 a.m. · 5 views

EUVD-2026-7444

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...

CVSS: 5.1 | AI score: 3.5 | EPSS: 0.00216
Exploits: 1 | References: 6
CVE
added 2026/02/24 12:32 a.m. · 18 views

CVE-2026-3049

Affected software: horilla-opensource horilla (up to 1.0.2). Vulnerable component/file: Query Parameter Handler, specifically the function get in horilla_generics/global_search.py. Root cause: manipulation of the argument prev_url leads to an open redirect. Impact: remote exploitation possibility...

CVSS: 6.1 | AI score: 4.9 | EPSS: 0.00377
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2024/12/31 12:0 a.m. · 6 views

PT-2024-36673 · Yulio Aleman Jimenez · Smart Shopify Product

Name of the Vulnerable Software and Affected Versions: Yulio Aleman Jimenez Smart Shopify Product versions 1.0.2 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This vulnerabilit...

CVSS: 6.5 | AI score: 9.4 | EPSS: 0.0036
Exploits: 0 | References: 6
Positive Technologies
added 2023/08/30 12:0 a.m. · 14 views

PT-2023-27519

Name of the Vulnerable Software and Affected Versions: find-exec versions prior to 1.0.3. Description: The issue is related to Command Injection, where attackers may run malicious shell commands in the context of the running process due to improper escaping of user input. This can be achieved via an...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.01489
Exploits: 0 | References: 13
Snyk
added 2020/02/25 1:19 p.m. · 1 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: madnest/madzipper is a wannabe successor of the Chumper/Zipper package for Laravel. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). ZIP path traversal is possible during extraction due to no validation and sanitization of filenames. P...

CVSS: 7.7 | AI score: 7.8
Exploits: 0 | References: 2