31 matches found

OSV
added 2026/06/17 7:9 p.m. | 5 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e. On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9 AI score
Exploits: 0, References: 2
NVD
added 2026/03/30 12:16 p.m. | 4 views

CVE-2019-25654

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an...

8.7 CVSS, 0.00691 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/03/30 12:0 a.m. | 5 views

PT-2026-29010

Name of the Vulnerable Software and Affected Versions: Core FTP/SFTP Server version 1.2 Description: Core FTP/SFTP Server version 1.2 contains a buffer overflow issue that allows attackers to disrupt the service by providing a long string in the User domain field. Attackers can insert a malicious...

8.7 CVSS, 6.1 AI score, 0.00691 EPSS
Exploits: 1, References: 6
CNNVD
added 2026/03/30 12:0 a.m. | 10 views

Core FTP/SFTP Server buffer error vulnerability

Core FTP/SFTP Server is a file transfer server software developed by Core FTP Corporation. Version 1.2 of Core FTP/SFTP Server contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the user domain field, which could allow attackers to cause the service to crash...

8.7 CVSS, 6.1 AI score, 0.00691 EPSS
Exploits: 1, References: 4
SUSE Linux
added 2026/02/11 9:14 a.m. | 4 views

Security update for xrdp

This update for xrdp fixes the following issues: CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...

9.2 CVSS, 5.5 AI score, 0.01318 EPSS
Exploits: 0, References: 4
OSV
added 2026/02/11 9:13 a.m. | 4 views

SUSE-SU-2026:0433-1 Security update for xrdp

This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362...

9.8 CVSS, 7.3 AI score, 0.01318 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/02/10 12:0 a.m. | 2 views

SUSE SLES12 Security Update : xrdp (SUSE-SU-2026:0404-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0404-1 advisory. - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Tenable has extracted the preceding description block...

9.8 CVSS, 5.7 AI score, 0.01318 EPSS
Exploits: 0, References: 4
OSV
added 2026/02/06 4:58 p.m. | 3 views

SUSE-SU-2026:0404-1 Security update for xrdp

This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362...

9.8 CVSS, 7.3 AI score, 0.01318 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-1152

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.0068 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-0289

Malicious code in bioql PyPI...

5.3 CVSS, 5.4 AI score, 0.00367 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2025/06/16 12:0 a.m. | 5 views

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server, related to an authentication error, allows unauthorized access to user domain accounts.

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server is related to an authentication error based on the Kerberos protocol. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to user account credentials...

6.8 CVSS, 5.5 AI score
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/05/22 5:55 a.m. | 2 views

CVE-2014-10381

The user-domain-whitelist plugin before 1.5 for WordPress has CSRF...

8.8 CVSS, 6.9 AI score, 0.0068 EPSS
Exploits: 0, References: 1
NVD
added 2025/05/16 11:15 a.m. | 9 views

CVE-2025-40630

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “https://icewarp.domain.com///%2e%2e”. This...

6.1 CVSS, 0.00425 EPSS
Exploits: 0, References: 1
Citrix
added 2025/01/03 12:0 a.m. | 11 views

FAS - Users from 2-way trusted domain getting "incorrect username or password" on VDA login

Users from primary domain are able to be authenticated without issue. Users from Domain B, which is in a different forest and is trusted via 2-way trust, can authenticate with the storefront without issue. However, when launching a resource the CWA eventually loads a small window indicating the t...

7.5 AI score
Exploits: 0
Positive Technologies
added 2024/03/27 12:0 a.m. | 4 views

PT-2024-22348

Name of the Vulnerable Software and Affected Versions: JupyterHub versions prior to 4.1.0 Description: The issue allows an attacker to achieve an XSS directly affecting a user's session by tricking them into visiting a malicious subdomain. This could lead to full access to the JupyterHub API and...

8.1 CVSS, 7.6 AI score, 0.00329 EPSS
Exploits: 0, References: 17
wpexploit
added 2023/09/25 12:0 a.m. | 137 views

ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS

Description: The plugin does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks. As a contributor, put the following payload in a post; the payload will have to be updated accordingly to watch the...

5.4 CVSS, 5.3 AI score, 0.00419 EPSS
Exploits: 2
Huntr
added 2021/08/31 5:7 p.m. | 9 views

Cross-site Scripting (XSS) - Stored in zikula/core

✍️ Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. 🕵️‍♂️ Proof of Concept: // PoC.js 1- Go to https://demo.ziku.la/blocks/admin/block/edit/2 2- Go to Editor and link a test word with a link As...

6 AI score
Exploits: 0
OSV
added 2021/07/31 5:15 p.m. | 2 views

CVE-2021-33617

Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response to a failed login request is null only when the username is invalid...

5.3 CVSS, 5.8 AI score, 0.02055 EPSS
Exploits: 1, References: 3
Prion
added 2021/07/31 5:15 p.m. | 10 views

Cross site request forgery (csrf)

Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response to a failed login request is null only when the username is invalid...

5 CVSS, 5.3 AI score, 0.02055 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2019/08/22 12:0 a.m. | 1 views

WordPress user-domain-whitelist plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. user-domain-whitelist is a plugin that adds a black/white list of users. A cross-site request forgery vulnerability exists in the...

8.8 CVSS, 6.7 AI score, 0.0068 EPSS
Exploits: 0, References: 1