Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37071

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS6.8AI score0.00615EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.31 views

CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS0.00615EPSS
Exploits0References5
OSV
OSV
added 2025/10/06 10:15 p.m.14 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

5.4CVSS6.4AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/10/06 10:5 p.m.20 views

CVE-2025-43824

The CVE-2025-43824 affects the Profile widget in Liferay Portal 7.4.0–7.4.3.111 (and older unsupported versions) and Liferay DXP 2023.Q3–2023.Q4 and 7.4 GA up to update 92. The root cause is a user name being included in the Content-Disposition header, allowing remote authenticated users to chang...

5.4CVSS6.4AI score0.00217EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/06 10:5 p.m.41 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/06 10:5 p.m.4 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.4AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.6 views

PT-2025-40950

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description The Profile widget is susceptible to a...

4.8CVSS6.5AI score0.00217EPSS
Exploits0References8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Achievo 1.4.3 - Multiple Web Vulnerabilities

No description provided by source. Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management too...

7.1AI score
Exploits0
Rows per page
Query Builder