Lucene search
K

12 matches found

NVD
NVD
added 2026/05/27 3:16 p.m.18 views

CVE-2026-37713

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...

7.3CVSS0.00384EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 3:16 p.m.20 views

CVE-2026-37711

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...

7.3CVSS0.00384EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.8 views

CVE-2026-37711

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...

6.2AI score0.00384EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 6:28 p.m.11 views

CVE-2026-35446

LORIS (Longitudinal Online Research and Imaging System) contains a path traversal vulnerability in the FilesDownloadHandler. From 24.0.0 up to but not including 27.0.3 and 28.0.1, an incorrect order of operations could allow an attacker to escape the intended download directories. The issue is fi...

8.6CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 24.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from incorrect operation sequences in the FilesDownloadHandler...

8.6CVSS5.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/03 6:31 p.m.3 views

EUVD-2025-37490

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls...

4.8CVSS6.1AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/03 3:15 p.m.10 views

CVE-2025-36092 IBM Business Automation Insights improper input validation

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...

6.5CVSS0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.4 views

IBM Cloud Pak for Business Automation 安全漏洞

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...

6.5CVSS7.1AI score0.00396EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/10/08 11:32 p.m.7 views

com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +8 more potentially affected by CVE-2025-9162 via org.keycloak:keycloak-model-storage-services (>=24.0.0 <=24.0.5)

org.keycloak:keycloak-model-storage-services MAVEN version =24.0.0, =2.5.6-24.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.5 Source cves: CVE-2025-9162 Source advisory: OSV:GHSA-8HXP-QMPH-W5GQ...

4.9CVSS5.8AI score0.0046EPSS
Exploits0
CNNVD
CNNVD
added 2025/05/03 12:0 a.m.3 views

IBM Cloud Pak for Business Automation 跨站脚本漏洞

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A cross-site scripting vulnerability exists in IBM Cloud Pak for Business...

6.1CVSS8.6AI score0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/05 12:0 a.m.4 views

PT-2024-25945 · Syracuse · Avantra Server

Name of the Vulnerable Software and Affected Versions: Avantra Server versions 24.0.0 through 24.0.6 Avantra Server versions 24.1.0 through 24.1.0 Description: The issue concerns the mishandling of dashboard security. If a user can create a dashboard with an auto-login user, data disclosure may...

6.8CVSS7.1AI score0.00385EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/05/30 2:22 a.m.3 views

SUSE CVE-2023-32319

Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...

8.1CVSS6.9AI score0.00697EPSS
Exploits0References3
Rows per page
Query Builder