Lucene search
+L

67 matches found

Cvelist
Cvelist
added 2025/08/21 12:0 a.m.15 views

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

0.00358EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.7 views

jshERP 安全漏洞

jshERP Huaxia ERP is a homegrown ERP system by the individual developer of Ji Sheng Hua in China. A security vulnerability exists in jshERP v3.5, which stems from improper access control in the UserController.java component and could lead to elevated levels of privilege...

5.3CVSS6.6AI score0.00294EPSS
Exploits1References4
OSV
OSV
added 2025/05/22 2:16 p.m.5 views

ALPINE-CVE-2025-4575

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

6.5CVSS7.2AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Advanced Backups Security Vulnerability

Advanced Backups is a powerful backup mod for My World game by the individual developer Heather White. A security vulnerability exists in Advanced Backups v3.5.3 and earlier versions, which stems from a vulnerability that allows an attacker to write to arbitrary files by restoring a carefully...

5.5CVSS6.9AI score0.00311EPSS
Exploits1References3
OSV
OSV
added 2024/06/09 1:15 p.m.5 views

CVE-2024-32799

Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3...

9.8CVSS5.8AI score0.00365EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.7 views

Sentrifugo security breach

Sentrifugo is a human resource management system. The system includes features for human resource management, performance appraisal, recruitment management, and asset management. A security vulnerability exists in Sentrifugo version 3.5 that stems from allowing an authenticated attacker to upload...

8.8CVSS6.8AI score0.00906EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.3 views

Nanoleaf Light strip security vulnerability

Nanoleaf Light strip is a smart LED strip from Nanoleaf. A security vulnerability exists in Nanoleaf Light strip version v3.5.10 that could allow an attacker to send a malicious message and cause a denial of service...

7.5CVSS6.6AI score0.00593EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/21 1:15 a.m.5 views

CVE-2023-39808

N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer...

9.8CVSS7.2AI score0.00535EPSS
Exploits0References5
OSV
OSV
added 2023/07/28 3:30 p.m.2 views

GHSA-WP6C-29R3-JQW9 SQL injection in jeecg-boot

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

9.8CVSS6AI score0.72043EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.7 views

WordPress Plugin Flickr Justified Gallery 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.2AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.4 views

jjeecg-boot 代码问题漏洞

JEECG jjeecg-boot is a low-code development platform based on a code generator from JEECG. A security vulnerability exists in jjeecg-boot version V3.5.0, which originates from an unauthorized arbitrary file upload issue in the /jeecg-boot/jmreport/upload interface...

6.5CVSS6.7AI score0.00639EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.22 views

Microsoft .NET Framework 安全漏洞

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...

5CVSS6.7AI score0.00917EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.5 views

PT-2022-19894 · Inhand Networks · Inrouter302

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality. This allows an attacker to send a specially-crafted HTTP request, potentially leading to...

8.1CVSS6.7AI score0.01487EPSS
Exploits1References5
OSV
OSV
added 2022/05/26 1:15 p.m.6 views

CVE-2022-29721

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist...

7.5CVSS5.8AI score0.00991EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2022/05/26 1:13 a.m.9 views

Exploit for Path Traversal in Siemens Apogee_Pxc_Firmware

:cyclone: APOLOGEE - Siemens Field Panel Scanner: APOLOGEE is...

5.3CVSS7.4AI score0.07284EPSS
Exploits4
OSV
OSV
added 2021/08/18 3:15 p.m.7 views

CVE-2021-21867

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...

7.8CVSS5.9AI score0.01648EPSS
Exploits1References2
OSV
OSV
added 2021/03/19 9:15 p.m.7 views

UBUNTU-CVE-2019-14831

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link...

6.1CVSS6.3AI score0.0081EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/01/05 12:0 a.m.7 views

Veritas Resiliency Platform 安全漏洞

Veritas Technologies Resiliency Platform VRP is a suite of data protection solutions from Veritas Technologies, USA. A security vulnerability exists in Veritas Resiliency Platform versions 3.4 and 3.5, which can be exploited by an attacker to gain administrator access to the system, resulting in...

9.3CVSS7.5AI score0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/11/08 12:0 a.m.7 views

PT-2020-16160 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 through 3.5.14 Moodle versions 3.7 through 3.7.8 Moodle versions 3.8 through 3.8.5 Moodle versions 3.9 through 3.9.2 Moodle earlier unsupported versions Description: The issue arises from insufficient checks on users'...

9.8CVSS6.1AI score0.52299EPSS
Exploits19References147
CNVD
CNVD
added 2020/07/28 12:0 a.m.2 views

Mozilla Network Security Services Information Disclosure Vulnerability (CNVD-2020-43765)

Mozilla Network Security Services NSS is a library of functions Network Security Services library from the Mozilla Foundation in the United States. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. A security vulnerability exists in Mozilla Network...

9.1CVSS8AI score0.01541EPSS
Exploits0References1
Rows per page
Query Builder