Lucene search
K

8 matches found

EUVD
EUVD
added 2026/06/07 3:0 a.m.12 views

EUVD-2026-34982

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.02027EPSS
Exploits1References5
OSV
OSV
added 2026/04/17 2:15 p.m.3 views

CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

5.1CVSS4AI score0.0026EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2025/11/19 12:0 a.m.7 views

Emby Server < 4.8.1.0 XSS Vulnerability

Emby Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9CVSS6.1AI score0.00377EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/13 6:26 p.m.14 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/12/15 9:15 p.m.5 views

CVE-2022-4521

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

6.1CVSS3.6AI score0.00568EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/16 12:0 a.m.4 views

PT-2022-6908 · Atlassian · Crucible +1

Name of the Vulnerable Software and Affected Versions: Fisheye and Crucible versions prior to 4.8.9 Description: The issue is related to insufficient protection of service data in Fisheye and Crucible, allowing a remote attacker to gain unauthorized access to protected information. The...

4.3CVSS4.4AI score0.00861EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/08/03 12:0 a.m.5 views

PT-2020-10162 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.8.5 Description: The issue allows an authenticated user with access to proxy license editing to insert a malicious payload that will be triggered in the main page of server settings. This is a case o...

5.4CVSS5.2AI score0.00806EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2008/05/07 12:0 a.m.5 views

PT-2008-3624 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.4.7 PHP versions 5.x through 5.2.4 Description: The issue arises from the GENERATE SEED macro, which, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion...

10CVSS9.5AI score0.04696EPSS
Exploits3References41
Rows per page
Query Builder