Lucene search
K

2772 matches found

Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-26952

Name of the Vulnerable Software and Affected Versions: System Information Reporter SIR versions 1.0.3 and prior Description: A sensitive information exposure issue allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder. Recommendations: Fo...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References5
NVD
NVD
added 2025/06/25 4:15 p.m.3 views

CVE-2025-50178

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...

8.7CVSS0.00414EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/06/25 12:0 a.m.6 views

WordPress Blogbyte Theme <= 1.1.1 is vulnerable to Local File Inclusion

Software Blogbyte Type Theme Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49275 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 149a2dc2444b Credits Le Ngoc Anh Required privilege Unauthenticated...

8.1CVSS6.4AI score0.00397EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/25 12:0 a.m.3 views

PT-2025-26937 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a...

6.8CVSS5.9AI score0.00304EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/06/25 12:0 a.m.4 views

Alibaba Cloud Linux 3 : 0092: libxslt (ALINUX3-SA-2025:0092)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0092 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-40403: The issue was addressed with improv...

6.5CVSS7AI score0.01092EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/25 12:0 a.m.3 views

Fedora 41 : udisks2 (2025-809971541d)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-809971541d advisory. Harden temporary private mounts 2373301 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

5.6AI score
Exploits0References1
CVE
CVE
added 2025/06/24 3:37 a.m.48 views

CVE-2024-56731

Summary: Gogs (self-hosted Git service) contains a remote command execution flaw tied to the .git directory. Prior to version 0.13.3, an insufficient patch for CVE-2024-39931 allowed unprivileged users to delete files inside .git and run arbitrary commands with RUN_USER privileges, enabling acces...

10CVSS9.9AI score0.00952EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.4 views

PT-2025-26792 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Best Salon Management System. The issue affects some unknown functionality of the file...

8.8CVSS6.8AI score0.00361EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2025/06/24 12:0 a.m.2 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

7.4AI score0.02417EPSS
Exploits0References3
NVD
NVD
added 2025/06/23 9:15 p.m.5 views

CVE-2025-52558

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...

7CVSS0.00521EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.8 views

CVE-2025-52485

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...

5.1CVSS7AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2025/06/21 2:44 a.m.35 views

CVE-2025-52487

CVE-2025-52487 affects DNN.PLATFORM (DotNetNuke) prior to version 10.0.1. Versions 7.0.0 up to before 10.0.1 allow a specially crafted request or proxy to bypass the DNN Login IP Filters, enabling login attempts from IPs outside the allow list. The vulnerability is mitigated by upgrading to versi...

8.8CVSS6.4AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/21 2:44 a.m.10 views

CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP...

8.8CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/21 2:40 a.m.37 views

CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...

5.1CVSS0.00178EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/06/21 12:0 a.m.6 views

Fedora 42 : perl-File-Find-Rule (2025-eef56e1ee1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-eef56e1ee1 advisory. Fix CVE-2011-10007 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

8.8CVSS7.8AI score0.00736EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/20 4:56 p.m.20 views

CVE-2025-49132 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...

10CVSS9.7AI score0.13105EPSS
Exploits28References3
CVE
CVE
added 2025/06/20 4:56 p.m.630 views

CVE-2025-49132

Summary (CVE-2025-49132) Pterodactyl Panel versions up to 1.11.10 are affected by an unauthenticated remote code execution via the /locales/locale.json endpoint, where locale and namespace query parameters are passed to PHP include() unsafely. The vulnerability can lead to local file inclusion an...

10CVSS9.7AI score0.13105EPSS
Exploits28References3
Cvelist
Cvelist
added 2025/06/20 4:50 p.m.13 views

CVE-2025-48059 PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion

PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...

6.9CVSS0.00485EPSS
Exploits0References3
CVE
CVE
added 2025/06/20 12:39 a.m.27 views

CVE-2025-48058

PowSyBl Core contains a polynomial ReDoS vulnerability in the DataSource mechanism (affecting listNames regex handling) prior to version 6.7.2. Exploitation can cause high CPU due to regex backtracking. The issue has been patched in com.powsybl:powsybl-commons:6.7.2 and related patches in 6.7.2+;...

6.3CVSS6.4AI score0.0035EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.6 views

PT-2025-26286 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical issue was found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /admin/admin running.php. The manipulation of the qty argument leads to...

9.8CVSS7.6AI score0.00394EPSS
Exploits1References11
Rows per page
Query Builder