27 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. · 11 views

PT-2026-49451

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVSS 6.5 · AI score 5.2 · EPSS 0.00345
Exploits 0 · References 2

RedhatCVE
added 2026/05/06 8:21 p.m. · 8 views

CVE-2024-52911

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...

CVSS 7.5 · AI score 5.8 · EPSS 0.00417
Exploits 0 · References 1

RedhatCVE
added 2026/04/13 7:24 p.m. · 7 views

CVE-2026-39562

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.10...

CVSS 5.3 · AI score 5.8 · EPSS 0.00214
Exploits 0 · References 1

NVD
added 2026/04/08 7:25 p.m. · 6 views

CVE-2026-35165

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

CVSS 6.5 · EPSS 0.00165
Exploits 0 · References 1

Vulnrichment
added 2026/03/02 5:23 p.m. · 14 views

CVE-2026-3180 Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ‘cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...

CVSS 7.5 · AI score 6 · EPSS 0.00739
Exploits 4 · References 6

CVE
added 2026/01/20 12:0 a.m. · 15 views

CVE-2025-57156

Summary (CVE-2025-57156): A NULL pointer dereference in the owntone-server component, specifically in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c, can be triggered by a remote attacker through commits up to 6d604a1 (post-version 28.12). This vulnerability allows remote Denial...

CVSS 7.5 · AI score 5.5 · EPSS 0.0043
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2025/12/18 7:22 a.m. · 22 views

CVE-2025-64227 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection. This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.7...

CVSS 9.8 · EPSS 0.0032
Exploits 0 · References 1

Positive Technologies
added 2025/12/03 12:0 a.m. · 2 views

PT-2025-48968

Name of the Vulnerable Software and Affected Versions: MCP Gateway versions prior to 0.28.0 Description: MCP Gateway, used for running and deploying MCP servers, is susceptible to DNS rebinding when operating in sse or streaming transport mode. An attacker can exploit this by tricking a user into...

CVSS 7.3 · AI score 6.3 · EPSS 0.00388
Exploits 0 · References 9

EUVD
added 2025/11/11 7:47 a.m. · 3 views

EUVD-2025-74384

Malicious code in paleimpalaemerald-28 npm...

AI score 6.6
Exploits 0

OSV
added 2025/07/30 12:0 a.m. · 6 views

OPENSUSE-SU-2025:15395-1 docker-28.3.3_ce-26.1 on GA media

These are all security issues fixed in the docker-28.3.3_ce-26.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.1 · AI score 6.7 · EPSS 0.00215
Exploits 0 · References 1

CNNVD
added 2025/03/25 12:0 a.m. · 3 views

IBM Spss Statistics Encryption Issue Vulnerability

IBM Spss Statistics is a software package from International Business Machines IBM, Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...

CVSS 7.5 · AI score 6.6 · EPSS 0.00187
Exploits 0 · References 4

OSV
added 2025/02/17 12:0 a.m. · 7 views

DSA-5867-1 gnutls28 - security update

Bulletin has no description...

CVSS 5.3 · AI score 5.2 · EPSS 0.01193
Exploits 0

Positive Technologies
added 2024/12/30 12:0 a.m. · 2 views

PT-2024-32894 · Unknown · Tiki Wiki Cms

Name of the Vulnerable Software and Affected Versions: Tiki Wiki CMS versions prior to 28 Description: The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This occurs when the software does not properly handle special...

CVSS 9.8 · AI score 7.4 · EPSS 0.01515
Exploits 0 · References 11

OSV
added 2024/09/12 12:15 p.m. · 4 views

CVE-2024-8749

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...

CVSS 7.5 · AI score 5.8 · EPSS 0.00442
Exploits 0 · References 1

Positive Technologies
added 2024/09/12 12:0 a.m. · 4 views

PT-2024-39225 · Unknown · I-Doit Pro

Name of the Vulnerable Software and Affected Versions: idoit pro version 28 Description: A Cross-site Scripting (XSS) issue allows an attacker to retrieve session details of an authenticated user due to the lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID,...

CVSS 6.1 · AI score 6.1 · EPSS 0.00226
Exploits 0 · References 6

SUSE CVE
added 2024/08/17 1:59 a.m. · 4 views

SUSE CVE-2024-23981

Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 9.3 · AI score 7.1 · EPSS 0.00183
Exploits 0 · References 3

SUSE CVE
added 2024/08/17 1:59 a.m. · 4 views

SUSE CVE-2024-24986

Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 9.3 · AI score 7.1 · EPSS 0.0016
Exploits 0 · References 3

CNNVD
added 2023/10/10 12:0 a.m. · 2 views

Reachfar GPS Log Information Disclosure Vulnerability

Reachfar GPS is a positioning module from Reachfar. A security vulnerability exists in Reachfar GPS version v28, which stems from the presence of an information disclosure vulnerability that could allow a remote attacker to retrieve sensitive information...

CVSS 7.5 · AI score 6.2 · EPSS 0.0057
Exploits 0 · References 2

Positive Technologies
added 2023/10/10 12:0 a.m. · 5 views

PT-2023-32138 · Unknown · Shenzhen Reachfar

Name of the Vulnerable Software and Affected Versions: Shenzhen Reachfar version v28 Description: The issue allows a remote attacker to retrieve all the week's logs stored in the 'log2' directory, potentially exposing sensitive information such as remembered wifi networks, sent messages, SOS devi...

CVSS 7.5 · AI score 7.4 · EPSS 0.0057
Exploits 0 · References 5

ATTACKERKB
added 2023/09/14 8:15 p.m. · 6 views

CVE-2023-4676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yordam MedasPro allows Reflected XSS. This issue affects MedasPro: before 28...

CVSS 6.1 · AI score 6.4 · EPSS 0.0033
Exploits 0 · References 3