Lucene search
+L

42 matches found

osv
osv
added 2025/09/26 1:9 p.m.4 views

OESA-2025-2340 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS7.3AI score0.00687EPSS
Exploits0References14
patchstack
patchstack
added 2025/06/13 6:45 a.m.7 views

WordPress IRM Newsroom plugin <= 1.2.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Chuck in WordPress Plugin IRM Newsroom versions = 1.2.19...

6.4CVSS5.3AI score0.00204EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2025/05/30 12:0 a.m.22 views

GitLab 16.6 < 17.9.7 / 17.10 < 17.10.5 / 17.11 < 17.11.1 (CVE-2025-1763)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6...

8.7CVSS8.6AI score0.0054EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/05/23 9:38 a.m.16 views

CVE-2024-24872

Cross-Site Request Forgery CSRF vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5...

8.8CVSS6.3AI score0.00214EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:41 a.m.13 views

CVE-2023-39164

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...

7.1CVSS6AI score0.00331EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:35 p.m.8 views

CVE-2021-29080

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126,...

8.1CVSS7.3AI score0.00416EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:53 a.m.11 views

CVE-2015-9519

The Easy Digital Downloads EDD PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/16 5:11 p.m.21 views

CVE-2025-47708

Cross-Site Request Forgery CSRF vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0...

8.8CVSS7.1AI score0.00171EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/05/15 6:22 a.m.9 views

CVE-2025-27523 XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06...

8.7CVSS7AI score0.00321EPSS
Exploits0References1
nessus
nessus
added 2025/04/10 12:0 a.m.5 views

Moodle 4.1.x < 4.1.4 XSS Risk on groups page

According to its self-reported version, the Moodle install hosted on the remote host is 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.4 or 4.2.x prior to 4.2.1. It is, therefore, affected by a Cross-Site Scripting in content on the groups page. Note that the scanner has not...

6.1CVSS6.8AI score0.00677EPSS
Exploits0References3
nvd
nvd
added 2025/03/31 10:15 p.m.19 views

CVE-2025-31682

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Google Tag allows Cross-Site Scripting XSS.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8...

4.8CVSS0.00218EPSS
Exploits0References1
osv
osv
added 2025/03/24 4:15 p.m.5 views

CVE-2021-26105

A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...

8.8CVSS6.2AI score0.0047EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/03/05 12:21 p.m.4 views

CVE-2024-10925

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML...

5.4CVSS6.8AI score0.00316EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/05 12:0 a.m.26 views

CVE-2025-27680

Vasion Print formerly PrinterLogic before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...

0.00295EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/02/06 1:53 a.m.10 views

CVE-2022-43541

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

7.2CVSS7.7AI score0.01525EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 2:27 p.m.10 views

CVE-2020-2742

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...

8.2CVSS6.7AI score0.00636EPSS
Exploits0
nvd
nvd
added 2024/12/13 3:15 p.m.43 views

CVE-2024-54315

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through = 2.2.2...

6.5CVSS0.00399EPSS
Exploits0References1
osv
osv
added 2024/11/12 5:15 p.m.7 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 Not Applicable to 9.1Rx and Ivanti Policy Secure before version 22.7R1.1 Not Applicable to 9.1Rx allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2CVSS6AI score0.01652EPSS
Exploits0References1
osv
osv
added 2023/12/29 11:6 a.m.5 views

OESA-2023-1988 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

6.5CVSS7.2AI score0.0151EPSS
Exploits3References4
susecve
susecve
added 2023/11/24 2:1 a.m.1 views

SUSE CVE-2023-6212

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 120, Firefox ESR...

8.8CVSS9.4AI score0.00823EPSS
Exploits0References8
Rows per page
Query Builder