Lucene search
K

6 matches found

OSV
OSV
added 2026/03/26 12:22 a.m.4 views

CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49839

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the file transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

8.4CVSS6.5AI score0.00135EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/03/05 2:31 a.m.3 views

SUSE CVE-2025-1866

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32...

10CVSS7.4AI score0.00398EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.9 views

PT-2024-32584 · Yith · Yith Woocommerce Product Add-Ons

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Product Add-Ons versions prior to 4.13.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations...

7.1CVSS6.8AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.12 views

PT-2023-25706 · Sealos · Sealos

Name of the Vulnerable Software and Affected Versions: Sealos versions 4.2.0 and prior Description: Sealos, a Cloud Operating System for managing cloud-native applications, has a permission flaw in its billing system. This flaw allows users to control the recharge resource account via the...

8.1CVSS7.6AI score0.00549EPSS
Exploits0References5
OSV
OSV
added 2021/02/11 8:46 p.m.5 views

GHSA-M56G-3G8V-2RXW XSS in Adminer

Withdrawn: Duplicate of GHSA-9pgx-gcph-mpqr. Adminer before 4.7.9 allows XSS via the history parameter to the default URI...

6.1CVSS5.9AI score0.02003EPSS
Exploits1References6
Rows per page
Query Builder