Lucene search
+L

7 matches found

euvd
euvd
added 2026/05/29 8:4 a.m.16 views

EUVD-2026-33262

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 8:4 a.m.10 views

CVE-2026-10056 CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
nvd
nvd
added 2026/01/11 1:15 p.m.18 views

CVE-2025-68493

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

8.1CVSS0.23054EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/01/11 1:5 p.m.6 views

CVE-2025-68493 Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

6.6AI score0.23054EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/07/26 12:0 a.m.5 views

PT-2024-5531 · Apache · Apache Roller

Name of the Vulnerable Software and Affected Versions: Apache Roller versions 5.0.0 through 6.1.2 Description: The issue is caused by insufficient input validation and sanitation in features such as Profile name & screenname, Bookmark name & description, and blogroll name. This allows an...

5.4CVSS5.4AI score0.00752EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2022/10/12 12:0 a.m.10 views

PT-2022-7342 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.18 through 6.0 Description: A use-after-free flaw was found in the Linux kernel MCTP Management Component Transport Protocol functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket...

9.8CVSS6.7AI score0.58461EPSS
Exploits31References219
ptsecurity
ptsecurity
added 2022/08/19 12:0 a.m.9 views

PT-2022-23502 · Ywoa · Ywoa

Name of the Vulnerable Software and Affected Versions: Ywoa versions prior to 6.1 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "/oa/setup/checkPool?database" API endpoint. The estimated number of potentially affected devices...

9.8CVSS9.5AI score0.00891EPSS
Exploits1References4
Rows per page
Query Builder