
18 matches found

OSV
added 2026/05/18 5:34 p.m. · 7 views

GHSA-9M6V-8FXC-4R44 Sulu: Used API Keys may be available via Admin API

Impact: The users endpoint controller exposes a project's apiKey field to the logged-in user, provided they have permission for that endpoint. This only has impact if a project itself uses that specific field; Sulu itself does nothing with it and has no authentication per apiKey in its core. Patch...

CVSS 2.3 · AI score 5.8
Exploits: 0 · References: 4

OSV
added 2026/05/18 1:48 p.m. · 6 views

CLEANSTART-2026-CY26398 Security fixes for CVE-2026-34986, ghsa-78h2-9frx-2jm8, ghsa-hfvc-g4fc-pqhx, ghsa-mh2q-q3fh-2475, ghsa-w8rr-5gcm-pp58, ghsa-xmrv-pmrh-hhx2 applied in versions: 3.0.5-r0, 3.0.6-r0

Multiple security vulnerabilities affect the grafana-mimir-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 · AI score 7.3 · EPSS 0.00651
Exploits: 0 · References: 8

Cvelist
added 2026/03/03 7:43 p.m. · 23 views

CVE-2025-36364 IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVSS 6.2 · EPSS 0.00108
Exploits: 0 · References: 1

Tenable Nessus
added 2025/09/14 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-32997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CVE-2025-32997 Note that Nessus relies on the...

CVSS 5.3 · AI score 6.4 · EPSS 0.0039
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/21 3:27 a.m. · 3 views

CVE-2025-48355 WordPress ProveSource Social Proof plugin <= 3.0.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data. This issue affects ProveSource Social Proof: from n/a through 3.0.5...

CVSS 5.3 · AI score 7.1 · EPSS 0.00285
Exploits: 0 · References: 1

Patchstack
added 2025/08/21 3:25 a.m. · 7 views

WordPress ProveSource Social Proof plugin <= 3.1.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao BlueRock in WordPress Plugin ProveSource Social Proof versions <= 3.1.2...

CVSS 5.3 · AI score 6.7 · EPSS 0.00285
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/08/21 12:0 a.m. · 5 views

PT-2025-34185 · WordPress · Provesource Social Proof

Name of the Vulnerable Software and Affected Versions: ProveSource Social Proof versions n/a through 3.0.5 Description: ProveSource Social Proof contains a flaw that allows the retrieval of embedded sensitive data, leading to the exposure of confidential system information to an unauthorized...

CVSS 5.3 · AI score 6.7 · EPSS 0.00285
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 4:37 a.m. · 7 views

CVE-2023-35884

Unauth. Reflected Cross-Site Scripting XSS vulnerability in EventPrime plugin = 3.0.5 versions...

CVSS 7.1 · AI score 5.9 · EPSS 0.00411
Exploits: 0 · References: 1

CNNVD
added 2025/05/06 12:0 a.m. · 7 views

Passport-wsfed-saml2 security vulnerability

Passport-wsfed-saml2 is an Auth0 open source token authentication provider program. A security vulnerability exists in Passport-wsfed-saml2 versions 3.0.5 through 4.6.3, which stems from SAML response tampering and could lead to user impersonation...

CVSS 8.6 · AI score 6.6 · EPSS 0.00326
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5440 · Vform · Vform

Name of the Vulnerable Software and Affected Versions: VForm versions through 3.0.5 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 3.0.5, update to a...

CVSS 5.4 · AI score 6.9 · EPSS 0.00439
Exploits: 0 · References: 3

Positive Technologies
added 2024/10/16 12:0 a.m. · 7 views

PT-2024-33380

Name of the Vulnerable Software and Affected Versions: Shafiq Digital Lottery versions 3.0.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to...

CVSS 10 · AI score 5.2 · EPSS 0.00496
Exploits: 0 · References: 8

Positive Technologies
added 2024/06/09 12:0 a.m. · 4 views

PT-2024-23463 · Typps · Typps Calendarista Basic Edition

Name of the Vulnerable Software and Affected Versions: typps Calendarista Basic Edition versions 3.0.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects typps Calendarista Basic Edition. Recommendations: For versions 3.0.5 and...

CVSS 9.8 · AI score 9.3 · EPSS 0.00409
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/09 12:0 a.m. · 6 views

PT-2024-3289 · Fortinet · Fortisandbox

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 3.0.5 through 3.0.7; Fortinet FortiSandbox versions 3.2.0 through 3.2.4; Fortinet FortiSandbox versions 4.0.0 through 4.0.5; Fortinet FortiSandbox versions 4.2.0 through 4.2.6; Fortinet FortiSandbox versions 4.4.0...

CVSS 6.7 · AI score 7.9 · EPSS 0.0063
Exploits: 0 · References: 8

Positive Technologies
added 2024/04/07 12:0 a.m. · 4 views

PT-2024-23991 · Unknown · Themepoints Testimonials

Name of the Vulnerable Software and Affected Versions: Themepoints Testimonials versions 3.0.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scripts...

CVSS 6.5 · AI score 8.9 · EPSS 0.00357
Exploits: 0 · References: 2

Positive Technologies
added 2020/11/30 12:0 a.m. · 3 views

PT-2020-17158 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON plugin versions 3.0.5 and earlier Description: The issue allows for XSS via the search field in the addons/?q= endpoint. This is a security concern as it can be exploited to inject malicious scripts. Recommendations: For versions 3.0....

CVSS 6.1 · AI score 5.9 · EPSS 0.11696
Exploits: 2 · References: 10

CNVD
added 2019/01/30 12:0 a.m. · 2 views

Croogo cross-site scripting vulnerability (CNVD-2019-03589)

Croogo is a content management system (CMS) built on the CakePHP framework. It provides customizable content types (Blog, Node, Page), content editing with a WYSIWYG editor, and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...

CVSS 4.8 · AI score 6.3 · EPSS 0.0061
Exploits: 1 · References: 1

Joomla! Vulnerable Extensions List
added 2018/03/03 12:0 a.m. · 537 views

Invitex, 3.0.5, SQL Injection

Invitex by techjoomla.com, versions 3.0.5 and previous, SQL Injection resolution: update to 3.0.6 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...

CVSS 9.8 · AI score 2.2 · EPSS 0.02703
Exploits: 5 · References: 3 · Affected Software: 1

OpenVAS
added 2009/03/13 12:0 a.m. · 16 views

Woltlab Burning Board Multiple Input Validation Vulnerabilities

Woltlab Burning Board is prone to multiple input-validation vulnerabilities, including: - Multiple security that may allow attackers to delete private messages - A cross-site scripting vulnerability - Multiple URI redirection vulnerabilities Attackers can exploit these issues to delete private...

AI score 7.3
Exploits: 0 · References: 1