9 matches found

Positive Technologies
added 2026/03/06 12:0 a.m., 6 views

PT-2026-23680

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

CVSS 5.3, AI score 5.7, EPSS 0.00217
Exploits: 0, References: 3
Patchstack
added 2026/01/06 10:49 p.m., 12 views

WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability

WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin WP Front User Submit / Front Editor versio...

CVSS 5.3, AI score 7, EPSS 0.0023
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2025/12/12 9:15 p.m., 5 views

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 6.1, EPSS 0.00159
Exploits: 0, References: 3
Cvelist
added 2025/03/21 12:0 a.m., 33 views

CVE-2025-30342

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...

CVSS 5.4, EPSS 0.00238
Exploits: 1, References: 1
CNVD
added 2023/11/22 12:0 a.m., 19 views

Apache Submarine Deserialization Vulnerability

Apache Submarine is a cloud-native machine learning platform from the Apache USA Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by a...

CVSS 9.8, AI score 7.2, EPSS 0.01747
Exploits: 1, References: 1
CNVD
added 2021/09/09 12:0 a.m., 15 views

ClinicCases Cross-Site Scripting Vulnerability

ClinicCases is an open source case management system designed for law school clinics. A cross-site scripting vulnerability exists in ClinicCases version 7.3.3 that stems from the software's lack of effective validation and filtering of user-submitted parameters. The vulnerability allows an...

CVSS 6.1, AI score 6, EPSS 0.03521
Exploits: 1, References: 1
Prion
added 2021/01/27 4:15 p.m., 13 views

Authentication flaw

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method...

CVSS 6.5, AI score 8.7, EPSS 0.01037
Exploits: 0, References: 1, Affected Software: 1
Debian CVE
added 2021/01/27 3:54 p.m., 19 views

CVE-2021-25312

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method...

CVSS 8.8, AI score 8.8, EPSS 0.01037
Exploits: 0
0day.today
added 2010/12/05 12:0 a.m., 14 views

T-Dreams Articles & Papers Package SQL Injection Vulnerability

Exploit for asp platform in category web applications: T-Dreams Articles & Papers Package SQL Injection Vulnerability...

AI score 7.1
Exploits: 0