
25 matches found

Positive Technologies
added 2025/07/15 12:0 a.m. · 7 views

PT-2025-29546 · Matomo · Matomo

Name of the Vulnerable Software and Affected Versions: Matomo versions prior to 3.0.3
Description: An authenticated remote code execution issue exists in Matomo due to the plugin upload mechanism. An authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP...

CVSS 9.4 · AI score 7.4 · EPSS 0.00893
Exploits 0 · References 6

Positive Technologies
added 2025/07/01 12:0 a.m. · 5 views

PT-2025-27572 · Junit · Junit

Name of the Vulnerable Software and Affected Versions: JUnit versions 5.12.0 through 5.13.1
Description: The issue concerns JUnit's support for writing Open Test Reporting XML files, which can leak Git credentials. The impact depends on the level of the access token exposed through the...

CVSS 5.8 · AI score 6 · EPSS 0.00099
Exploits 0 · References 12

Positive Technologies
added 2025/06/27 12:0 a.m. · 5 views

PT-2025-27072 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.10.2.1
Description: The issue is related to Stored Cross-Site Scripting via the use of a templating engine due to insufficient...

CVSS 6.4 · AI score 6.1 · EPSS 0.00198
Exploits 0 · References 10

Positive Technologies
added 2025/06/14 12:0 a.m. · 4 views

PT-2025-25478 · WordPress · Kk Youtube Video

Name of the Vulnerable Software and Affected Versions: kk Youtube Video plugin for WordPress versions up to, and including, 0.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 5.8 · EPSS 0.00182
Exploits 0 · References 5

CVE
added 2025/06/10 12:0 a.m. · 62 views

CVE-2024-37396

REDCap 13.1.9 is affected by a stored XSS in the Calendar component (Notes field). Authenticated users can inject scripted HTML that is executed when the calendar event is viewed. The issue is caused by improper handling of input in the calendar event notes, leading to script execution in the con...

CVSS 5.4 · AI score 5.4 · EPSS 0.00409
Exploits 3 · References 3 · Affected Software 1

Positive Technologies
added 2025/05/27 12:0 a.m. · 5 views

PT-2025-22972 · Mobatime · Mobatime Amx Mtapi

Name of the Vulnerable Software and Affected Versions: Mobatime AMX MTAPI v6 versions prior to 1.5
Description: The issue concerns Missing Authentication & Authorization in the Web-API of Mobatime AMX MTAPI v6 on IIS, allowing adversaries to gain unrestricted access via the network...

CVSS 9.3 · AI score 9.6 · EPSS 0.00445
Exploits 0 · References 8

Positive Technologies
added 2025/05/23 12:0 a.m. · 6 views

PT-2025-22740 · Unknown · Likecoin Web3Press

Name of the Vulnerable Software and Affected Versions: LikeCoin Web3Press versions n/a through 3.2.0
Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in LikeCoin Web3Press...

CVSS 6.5 · AI score 6.8 · EPSS 0.00416
Exploits 0 · References 3

Tenable Nessus
added 2025/05/14 12:0 a.m. · 25 views

Alibaba Cloud Linux 3 : 0116: httpd:2.4 (ALINUX3-SA-2024:0116)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-31122: Out-of-bounds Read...

CVSS 7.5 · AI score 7.3 · EPSS 0.03024
Exploits 1 · References 3

Positive Technologies
added 2025/05/14 12:0 a.m. · 7 views

PT-2025-21166 · Opentext · Opentext Advance Authentication

Name of the Vulnerable Software and Affected Versions: OpenText Advance Authentication versions prior to 6.5
Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...

CVSS 7.5 · AI score 7.5 · EPSS 0.00257
Exploits 0 · References 4

Positive Technologies
added 2025/04/24 12:0 a.m. · 5 views

PT-2025-17710 · WordPress · Lottie Player

Name of the Vulnerable Software and Affected Versions: Lottie Player plugin for WordPress versions up to, and including, 1.1.8
Description: The issue is related to Stored Cross-Site Scripting via File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.4 · AI score 6.2 · EPSS 0.00255
Exploits 0 · References 9

Positive Technologies
added 2025/04/09 12:0 a.m. · 5 views

PT-2025-15757 · Xgrammar · Xgrammar

Name of the Vulnerable Software and Affected Versions: XGrammar versions prior to 0.1.18
Description: The issue concerns an unbounded cache for compiled grammars in memory, which can be exploited to cause a denial of service by filling up a host's memory. This can occur when a system using XGramm...

CVSS 6.5 · AI score 6.3 · EPSS 0.00434
Exploits 0 · References 8

Positive Technologies
added 2025/04/09 12:0 a.m. · 2 views

PT-2025-15750 · Chandan Garg · Cg Scroll To Top

Name of the Vulnerable Software and Affected Versions: Chandan Garg CG Scroll To Top versions n/a through 3.5
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 7.5 · EPSS 0.00191
Exploits 0 · References 4

Positive Technologies
added 2025/04/09 12:0 a.m. · 3 views

PT-2025-15745 · Unknown · Script Compressor

Name of the Vulnerable Software and Affected Versions: Script Compressor versions 1.7.1 and earlier
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the regen Script Compressor.
Recommendations: For versions 1.7.1 and earlier, update to a version...

CVSS 7.1 · AI score 7.2 · EPSS 0.00191
Exploits 0 · References 4

Positive Technologies
added 2025/04/04 12:0 a.m. · 4 views

PT-2025-15007 · WordPress · Jetpack Feedback Exporter

Name of the Vulnerable Software and Affected Versions: Jetpack Feedback Exporter versions 1.23 and earlier
Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data.
Recommendations: For Jetpack...

CVSS 5.3 · AI score 6.1 · EPSS 0.00478
Exploits 0 · References 3

Positive Technologies
added 2024/10/09 12:0 a.m. · 8 views

PT-2024-34: Server Side Request Forgery (SSRF) in Passwork

The vulnerability was identified in Passwork version 6.4.0. The discovered vulnerability can be exploited by an attacker to send requests to both external nodes and servers with limited access, which leads to disclosure of sensitive data, denial of service, etc. Also, exploitation of the...

CVSS 8.1 · AI score 7.2
Exploits 0

Positive Technologies
added 2024/08/20 12:0 a.m. · 7 views

PT-2024-77: Time-based SQL Injection in Netcat CMS (module comments)

The vulnerability was identified in Netcat CMS module comments, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 20.08.2024
Recommendations: Update to version or...

CVSS 9.4 · AI score 6.9
Exploits 0

Positive Technologies
added 2024/04/24 12:0 a.m. · 7 views

PT-2024-4020 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.x
Description: The issue is related to an unrestricted file upload vulnerability in the web component of Ivanti Avalanche. This vulnerability allows an authenticated, privileged user to execute arbitrary...

CVSS 9 · AI score 7.4 · EPSS 0.64423
Exploits 0 · References 8

Positive Technologies
added 2023/06/26 12:0 a.m. · 2 views

PT-2023-22612 · Openwb · Openwb

Name of the Vulnerable Software and Affected Versions: OpenWB versions 1.6 through 1.7
Description: The issue allows remote attackers to run arbitrary commands via crafted GET requests, potentially leading to command injection attacks.
Recommendations: For OpenWB versions 1.6 through 1.7, update ...

CVSS 9.8 · AI score 9.8 · EPSS 0.3173
Exploits 1 · References 5

Positive Technologies
added 2023/02/13 12:0 a.m. · 1 views

PT-2023-35159 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.91
Description: A use-after-free issue exists in the local cleanup function. The actual impact and attack plausibility have not yet been proven.
Recommendations: For Linux Kernel versions prior to v5.15.91...

AI score 7.1
Exploits 0 · References 1

Positive Technologies
added 2022/12/13 12:0 a.m. · 5 views

PT-2022-6392 · Schneider Electric · Apc Easy Ups Online Monitoring +1

Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA; APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261; Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS; Schneider Electric...

CVSS 7.8 · AI score 7.8 · EPSS 0.00163
Exploits 0 · References 9