Lucene search
+L

311 matches found

osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-2004 vantage6's CORS settings overly permissive

Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies Patches No Workarounds No...

4.2CVSS5.9AI score0.00311EPSS
Exploits0References6
osv
osv
added 2026/06/17 10:12 p.m.2 views

CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...

5.9CVSS5.9AI score0.00278EPSS
Exploits0References5
osv
osv
added 2026/06/17 10:7 p.m.3 views

CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...

2.1CVSS5.9AI score0.00278EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.12 views

CVE-2026-5070

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.7AI score0.00194EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2026/06/05 3:21 p.m.6 views

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24769 via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24769 Source advisory: OSV:GHSA-5549-C5Q7-FJ65...

2.1CVSS5.5AI score0.00278EPSS
Exploits0
euvd
euvd
added 2026/04/16 6:31 a.m.8 views

EUVD-2026-23172

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
nvd
nvd
added 2026/04/16 4:17 a.m.9 views

CVE-2026-5070

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS0.00194EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/16 3:36 a.m.39 views

CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS0.00194EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/16 3:36 a.m.4 views

CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/16 3:36 a.m.8 views

CVE-2026-5070

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
cve
cve
added 2026/04/16 3:36 a.m.21 views

CVE-2026-5070

The CVE-2026-5070 vector affects the WordPress Vantage theme (versions up to and including 1.20.32). The issue is a Stored Cross-Site Scripting vulnerability in the Gallery block text content caused by insufficient output escaping in the gallery template. Exploitation requires authenticated acces...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/16 12:0 a.m.12 views

WordPress plugin Vantage 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.4CVSS5.7AI score0.00194EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/16 12:0 a.m.8 views

PT-2026-33254

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
patchstack
patchstack
added 2026/04/15 11:11 p.m.7 views

WordPress Vantage plugin <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gallery Block Text Content vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Vantage versions = 1.20.32...

6.4CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/04/15 1:16 p.m.9 views

CVE-2026-0827

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

7.1CVSS0.002EPSS
Exploits0References1
cve
cve
added 2026/04/15 12:27 p.m.18 views

CVE-2026-0827

CVE-2026-0827 concerns Lenovo Diagnostics and the HardwareScanAddin in Lenovo Vantage. The issue, discovered during internal testing, could allow a local authenticated user to perform arbitrary file writes with elevated privileges during installation or while running a hardware scan. The availabl...

7.1CVSS5.9AI score0.002EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/15 12:27 p.m.6 views

CVE-2026-0827

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

7.1CVSS5.9AI score0.002EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/15 12:0 a.m.10 views

PT-2026-33056

Name of the Vulnerable Software and Affected Versions Lenovo Diagnostics affected versions not specified Lenovo Vantage HardwareScanAddin affected versions not specified Description An issue exists in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage. During installation or whil...

7.1CVSS5.9AI score0.002EPSS
Exploits0References4
lenovo
lenovo
added 2026/04/14 7:58 p.m.13 views

Lenovo Diagnostics and Lenovo Vantage Vulnerability - Lenovo Support US

No description provided...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/03/26 3:10 p.m.5 views

CVE-2026-1717

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...

6.8CVSS5.9AI score0.00144EPSS
Exploits0References1
Rows per page
Query Builder