
28 matches found

OSV
added 2026/04/13 1:20 p.m. | 6 views

JLSEC-2026-89

Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions of Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...

CVSS 8.6 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 4
OSV
added 2026/04/10 1:4 a.m. | 8 views

CLEANSTART-2026-AV56399 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.8
Exploits: 0 | References: 3
OSV
added 2026/04/10 1:3 a.m. | 7 views

CLEANSTART-2026-TW35447 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.8
Exploits: 0 | References: 3
OSV
added 2026/04/10 1:3 a.m. | 6 views

CLEANSTART-2026-RL67763 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.8
Exploits: 0 | References: 3
NVD
added 2026/02/25 2:16 a.m. | 14 views

CVE-2026-2914

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...

CVSS 8.5 | EPSS 0.00146
Exploits: 0 | References: 2
NVD
added 2026/02/03 6:16 p.m. | 15 views

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

CVSS 7.8 | EPSS 0.00228
Exploits: 0 | References: 3
OSV
added 2026/02/03 6:16 p.m. | 4 views

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

CVSS 7.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/03 12:0 a.m. | 6 views

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

AI score 5.3 | EPSS 0.00228
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/03 12:0 a.m. | 11 views

PT-2026-5953

Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager Agent versions through 25.10.0. Description: A local user can elevate privileges through policy elevation of an Administration task. This allows for privilege escalation. Recommendations: Update CyberArk Endpoi...

CVSS 7.8 | AI score 5.4 | EPSS 0.00228
Exploits: 0 | References: 5
AstraLinux
added 2026/01/13 2:1 p.m. | 6 views

Astra Linux – Vulnerability in Poppler

Poppler is a library for rendering PDF files and examining or modifying their structure. A use-after-free vulnerability has been detected in versions of Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector; this can...

CVSS 8.6 | AI score 5.3 | EPSS 0.00156
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/05 2:5 p.m. | 6 views

CVE-2025-12511 A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring DSM extension configuration modules allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...

CVSS 6.8 | AI score 5.1 | EPSS 0.00163
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/05 1:43 p.m. | 5 views

CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...

CVSS 6.8 | AI score 5.2 | EPSS 0.00163
Exploits: 0 | References: 2
GitHub Security Blog
added 2025/12/23 6:19 p.m. | 10 views

LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability -- CVSS ----------------------------------------- 4.3:...

CVSS 5.4 | AI score 6.2 | EPSS 0.03417
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/12/23 6:19 p.m. | 5 views

GHSA-C89F-8G7G-59WJ LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability -- CVSS ----------------------------------------- 4.3:...

CVSS 4.3 | AI score 6.2 | EPSS 0.03417
Exploits: 1 | References: 4
Tenable Nessus
added 2025/10/31 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988622 advisory. Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions Poppler...

CVSS 8.6 | AI score 5.3 | EPSS 0.00156
Exploits: 0 | References: 4
RedhatCVE
added 2025/10/17 6:44 p.m. | 36 views

CVE-2025-62412

LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...

CVSS 4.8 | AI score 6.7 | EPSS 0.00252
Exploits: 1 | References: 1
RedhatCVE
added 2025/10/17 6:44 p.m. | 14 views

CVE-2025-62411

LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting XSS vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored a...

CVSS 5.5 | AI score 5.5 | EPSS 0.11639
Exploits: 1 | References: 1
EUVD
added 2025/10/16 8:18 p.m. | 21 views

EUVD-2025-34819

LibreNMS alert-rules has a Cross-Site Scripting Vulnerability...

CVSS 3.8 | AI score 5.7 | EPSS 0.00252
Exploits: 1 | References: 4
NVD
added 2025/10/16 6:15 p.m. | 6 views

CVE-2025-62412

LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...

CVSS 4.8 | EPSS 0.00252
Exploits: 1 | References: 2
CVE
added 2025/10/16 5:54 p.m. | 23 views

CVE-2025-62412

LibreNMS (Alerts > Alert Rules) is affected by an HTML injection vulnerability in the alert rule name field due to improper sanitization, enabling cross-site scripting (XSS). The issue is fixed in version 25.10.0. Remediation: upgrade to 25.10.0 or newer. Root cause notes across sources descri...

CVSS 4.8 | AI score 6.3 | EPSS 0.00252
Exploits: 1 | References: 2 | Affected Software: 1