Lucene search
+L

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-48080

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01074EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-16872

Malicious code in bioql PyPI...

7.6CVSS7.7AI score0.00318EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-42733

Malicious code in bioql PyPI...

6.5CVSS5.9AI score0.00844EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-10723 Stored XSS in phpipam/phpipam

A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this...

3.5CVSS0.00315EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:9 a.m.49 views

CVE-2024-10723

CVE-2024-10723 describes a stored XSS in phpIPAM 1.5.2 where malicious scripts can be injected into the NAT tool’s destination address field and executed when interacted with. Reported impact includes cookie theft, unauthorized account access, and redirection to malicious sites. The vulnerability...

5.4CVSS5.5AI score0.00315EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 5:28 a.m.19 views

CVE-2024-1097

A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...

7.6CVSS5.2AI score0.00318EPSS
Exploits2References1
Krebs on Security
Krebs on Security
added 2025/01/07 11:41 p.m.6 views

A Day in the Life of a Prolific Voice Phishing Crew

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate...

6.7AI score
Exploits0
NVD
NVD
added 2023/09/27 3:19 p.m.24 views

CVE-2023-41326

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...

8.8CVSS8.5AI score0.3095EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/09 12:0 a.m.8 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

7.1AI score0.00486EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.9 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk prior to version v018, which stems from an authorization logic flaw that can be exploited by an attacker to perform a privilege escalation to the administrator role and...

9.8CVSS8.4AI score0.01074EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/09/28 8:40 a.m.11 views

CVE-2022-3348 Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet

Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim...

6.5CVSS5AI score0.00844EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.8 views

PT-2022-21782 · Git +1 · Tooljet +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker could steal the account of different users, but in this case, it is more specific because the attacker needs to be an editor in the same app...

6.5CVSS5.5AI score0.00844EPSS
Exploits1References7
myhack58
myhack58
added 2007/12/23 12:0 a.m.14 views

Thunder 5 and explosion vulnerability-vulnerability warning-the black bar safety net

According to a reliable tip-off, the thunder 5 and this time how much a word appears serious 0-Day vulnerability, virus authors can exploit the vulnerability to write malicious web pages, when used to browse these pages, you will be infected with the virus, then the virus can theft of user accoun...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2004/03/17 12:0 a.m.41 views

phpx324.txt

PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-2384

hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service...

3.6CVSS6.5AI score0.00378EPSS
Exploits1References3
Rows per page
Query Builder