Lucene search
K

77 matches found

Cvelist
Cvelist
added 2025/03/31 10:23 p.m.14 views

CVE-2025-24198

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive user data...

0.00422EPSS
Exploits0References5
CVE
CVE
added 2025/03/31 4:17 p.m.281 views

CVE-2025-30223

Beego (Go framework) contains an XSS vulnerability in RenderForm() up to version 2.3.5, caused by improper HTML escaping of user-controlled data. This allows injection of attacker-controlled JavaScript in rendered forms, potentially enabling session hijacking, credential theft, or account takeove...

9.6CVSS7.8AI score0.0059EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.9 views

PT-2025-13580 · Unknown · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Exam System version 1.0 Description: The issue is related to SQL Injection via the dash.php file. This allows for potential exploitation. Recommendations: For Sourcecodester Online Exam System version 1.0, consider...

9.8CVSS7.4AI score0.00458EPSS
Exploits1References9
OSV
OSV
added 2025/02/21 10:48 p.m.4 views

GHSA-V4Q9-437P-MHPG Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)

Summary A cross-site scripting XSS vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not...

7.4CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 2025/01/14 6:4 p.m.25 views

CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability

...

7.8CVSS0.00755EPSS
Exploits0References1
Redos
Redos
added 2024/04/04 12:0 a.m.36 views

ROS-20240404-01

A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to gain full access to a user's account A vulnerability in the Grafana monitoring and surveillance platform is...

9.8CVSS7.6AI score0.09216EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/10/30 12:0 a.m.20 views

RHEL 9 : firefox (RHSA-2023:6199)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6199 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.8CVSS7.8AI score0.01936EPSS
Exploits0References16
OSV
OSV
added 2023/10/24 7:25 p.m.46 views

GHSA-R2HW-74XV-4GQP Nautobot vulnerable to exposure of hashed user passwords via REST API

Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. Nautobot 1.x is not affected by...

8.3CVSS6.3AI score0.00529EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.4 views

PT-2023-28132 · Poll Maker Team · Poll Maker Plugin

Name of the Vulnerable Software and Affected Versions: Poll Maker Team Poll Maker plugin versions = 4.7.0 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...

7.1CVSS6.4AI score0.0033EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.5 views

PT-2023-27331 · Vathemes · Vathemes Business Pro

Name of the Vulnerable Software and Affected Versions: Vathemes Business Pro theme versions = 1.10.4 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.4 views

PT-2023-22730 · Imagerecycle · Imagerecycle Pdf & Image Compression Plugin

Name of the Vulnerable Software and Affected Versions: ImageRecycle ImageRecycle pdf & image compression plugin versions = 3.1.10 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...

7.1CVSS6.4AI score0.00331EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.11 views

PT-2023-21602 · Unknown · Aakif Kadiwala Tags Cloud Manager

Name of the Vulnerable Software and Affected Versions: Aakif Kadiwala Tags Cloud Manager plugin versions 1.0.0 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.7 views

PT-2023-25303 · WordPress · Backup Manager

Name of the Vulnerable Software and Affected Versions: WP Backup Manager plugin versions prior to 1.13.1 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing...

7.1CVSS6.3AI score0.00382EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/15 12:0 a.m.5 views

PT-2023-18649 · WordPress · Propertyhive

Name of the Vulnerable Software and Affected Versions: PropertyHive plugin versions 1.5.48 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing th...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References4
CNVD
CNVD
added 2021/10/09 12:0 a.m.6 views

Gila CMS Cross-Site Scripting Vulnerability (CNVD-2021-84281)

Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 2.2.0, which can be used by an attacker to steal cookies, passwords, or run arbitrary code on a victim's browser...

5.4CVSS6.6AI score0.00551EPSS
Exploits1References1
NVD
NVD
added 2021/09/20 10:15 a.m.21 views

CVE-2021-24585

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...

6.5CVSS0.01139EPSS
Exploits2References1
Exploit DB
Exploit DB
added 2020/09/09 12:0 a.m.501 views

Tailor Management System - 'id' SQL Injection

Exploit Title: Tailor Management System - 'id' SQL Injection Google Dork: N/A Date: 2020-09-08 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...

7.4AI score
Exploits0
myhack58
myhack58
added 2017/05/20 12:0 a.m.50 views

The Uber platform coming out of authentication vulnerabilities, exploit the vulnerability can reset any account password-loophole warning-the black bar safety net

Italian security expert Vincenzo C. Aka found the Uber platform authentication vulnerabilities, any account can use this vulnerability to reset the password, this discovery yesterday officially announced. In fact, the initiator of the“authentication crisis”the vulnerability is in the seven months...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2014/11/26 10:22 p.m.6 views

Twitter will now Track EVERY App You have Installed on Your Smartphone

Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a "more personal Twitter experience" by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applicatio...

6.4AI score
Exploits0
ThreatPost
ThreatPost
added 2014/08/11 9:49 a.m.9 views

Google Moves to Boost Search Ranking For HTTPS Sites

In the last couple of years, Google has been making a series of changes to its Web infrastructure to employ encryption more widely and help defeat active attackers. Much of this has gone on in the background, with the company securing the links between its data centers and making other...

6.7AI score
Exploits0References3
Rows per page
Query Builder