28 matches found

Positive Technologies
added 2026/06/02 12:00 a.m., 14 views

PT-2026-45722

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

CVSS 5.3, AI score 5.8, EPSS 0.00268
Exploits 0, References 2
OSV
added 2026/06/01 3:16 p.m., 6 views

UBUNTU-CVE-2025-60481

A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

CVSS 5.5, AI score 5.8, EPSS 0.00143
Exploits 0, References 7
Cvelist
added 2026/04/15 8:18 a.m., 28 views

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

CVSS 8.9, EPSS 0.00288
Exploits 0, References 1
ATTACKERKB
added 2026/04/13 10:39 a.m., 2 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

CVSS 4.6, AI score 5.8, EPSS 0.00225
Exploits 1, References 1
CNNVD
added 2026/03/27 12:00 a.m., 9 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of ownership checks at the plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint, whic...

CVSS 6.3, AI score 5.8, EPSS 0.00249
Exploits 1, References 2
Github Security Blog
added 2026/03/10 1:02 a.m., 8 views

Actual Sync Server has an Authenticated Path Traversal

Description: Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...

CVSS 6.5, AI score 5.8, EPSS 0.00377
Exploits 1, References 7, Affected Software 1
NVD
added 2026/02/19 6:24 p.m., 7 views

CVE-2026-23605

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

CVSS 5.4, EPSS 0.00173
Exploits 0, References 2
OSV
added 2026/01/15 4:16 p.m., 6 views

CVE-2025-67077

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...

CVSS 8.8, AI score 5.5
Exploits 0, References 2
NVD
added 2025/12/17 8:15 p.m., 4 views

CVE-2025-34438

AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video...

CVSS 8.1, EPSS 0.00238
Exploits 0, References 4
CNNVD
added 2025/12/17 12:00 a.m., 5 views

AVideo Security Vulnerability

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checks on endpoints, and could lead to authenticated users uploading comment images to other users'...

CVSS 8.8, AI score 6.3, EPSS 0.00351
Exploits 0, References 5
Positive Technologies
added 2025/12/17 12:00 a.m., 7 views

PT-2025-51887

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 20.1. Description: AVideo versions prior to 20.1 are susceptible to an insecure direct object reference (IDOR) that permits any authenticated user to delete media files owned by other users. The affected endpoint confirms...

CVSS 8.7, AI score 6.6, EPSS 0.00289
Exploits 0, References 7
CVE
added 2025/10/10 7:38 p.m., 49 views

CVE-2025-61927

CVE-2025-61927 affects Happy DOM v19 and earlier, where the Node.js VM Context is not isolated and untrusted JavaScript executed inside the Happy DOM VM can escape to access process-level functionality. Depending on module system (ESM vs CommonJS), attackers may obtain access to powerful objects ...

CVSS 7.2, AI score 6.8, EPSS 0.00599
Exploits 0, References 2
EUVD
added 2025/10/09 6:30 p.m., 4 views

EUVD-2025-33386

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the...

CVSS 6.1, AI score 6.5, EPSS 0.00251
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-27727

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.00164
Exploits 0, References 2
Cvelist
added 2025/05/02 10:59 a.m., 26 views

CVE-2025-1301 Reflected XSS in Yordam Informatics' Library Automation System

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yordam Informatics Library Automation System allows Reflected XSS. This issue affects Library Automation System: before 21.6...

CVSS 6.1, EPSS 0.00202
Exploits 0, References 2
CNNVD
added 2024/11/22 12:00 a.m., 3 views

Firmanet ERP SQL Injection Vulnerability

Firmanet ERP is an e-commerce system from Firmanet, Inc. A SQL injection vulnerability exists in Firmanet ERP version 22.11.2024 and earlier, which stems from vulnerability to SQL injection attacks...

CVSS 8.2, AI score 7.8, EPSS 0.00421
Exploits 0, References 1
CNNVD
added 2024/01/17 12:00 a.m., 2 views

X.org Server Security Vulnerability

X.org Server is an open source free software from the X.org Foundation. A security vulnerability exists in versions of X.org Server prior to 21.1.11 that stems from incorrectly handling memory and could be exploited by an attacker to cause a denial of service, obtain sensitive information, or...

CVSS 7.8, AI score 7.3, EPSS 0.01229
Exploits 0, References 19
SUSE CVE
added 2023/02/15 5:46 a.m., 2 views

SUSE CVE-2012-2832

The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

CVSS 6.8, AI score 6.8, EPSS 0.01303
Exploits 0, References 3
OSV
added 2022/10/21 4:15 p.m., 5 views

CVE-2022-1059

Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials...

CVSS 6.1, AI score 5.8, EPSS 0.00567
Exploits 0, References 1
Vulnrichment
added 2021/09/07 12:00 a.m., 3 views

CVE-2021-39261

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G 2021.8.22...

AI score 8.3, EPSS 0.00456
Exploits 0, References 5