Lucene search

2772 matches found

OSV
added 2025/06/02 7:24 p.m. · 19 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · AI score 6.1 · EPSS 0.00313
Exploits 0 · References 4
Positive Technologies
added 2025/06/02 12:00 a.m. · 3 views

PT-2025-23480 · Multilaser · Multilaser Sirius Re016 Mlt1.0

Name of the Vulnerable Software and Affected Versions: Multilaser Sirius RE016 MLT1.0. Description: A problem was found in the processing of the file /cgi-bin/cstecgi.cgi, which leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and...

CVSS 6.9 · AI score 5 · EPSS 0.00432
Exploits 0 · References 10
OpenVAS
added 2025/06/02 12:00 a.m. · 3 views

Debian: Security Advisory (DLA-4203-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...

CVSS 7.8 · AI score 7.1 · EPSS 0.00478
Exploits 1 · References 2
RedhatCVE
added 2025/06/01 6:35 a.m. · 9 views

CVE-2025-48489

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...

CVSS 4.8 · AI score 5.9 · EPSS 0.00187
Exploits 1 · References 1
Positive Technologies
added 2025/05/31 12:00 a.m. · 6 views

PT-2025-23371 · WordPress · Wp-Geometa

Name of the Vulnerable Software and Affected Versions: WP-GeoMeta plugin for WordPress versions 0.3.4 through 0.3.5. Description: The issue is related to a missing capability check on the wp_ajax_wpgm_start_geojson_import function, allowing authenticated attackers with Subscriber-level access and...

CVSS 8.8 · AI score 8.4 · EPSS 0.0034
Exploits 0 · References 10
OSV
added 2025/05/30 1:48 p.m. · 2 views

OESA-2025-1563 mod_security security update

This software is also called Modsec; it is an open-source web application firewall. It is designed for Apache HTTP Server. ModSecurity is commonly deployed to provide protections against generic classes of vulnerabilities. The install of this package is easy and you can read the README.TXT for more...

CVSS 7.5 · AI score 6.6 · EPSS 0.00559
Exploits 1 · References 2
OSV
added 2025/05/30 6:26 a.m. · 4 views

CVE-2025-48875 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...

CVSS 4.6 · AI score 6.3 · EPSS 0.00214
Exploits 1 · References 4
Cvelist
added 2025/05/30 6:18 a.m. · 11 views

CVE-2025-48489 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...

CVSS 4.6 · EPSS 0.00187
Exploits 1 · References 1
Vulnrichment
added 2025/05/30 6:17 a.m. · 5 views

CVE-2025-48487 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit an XSS vulnerability. This issue has been patched in version 1.8.180...

CVSS 6 · AI score 6.1 · EPSS 0.00222
Exploits 1 · References 1
OSV
added 2025/05/30 6:16 a.m. · 7 views

CVE-2025-48485 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer...

CVSS 6.1 · AI score 5.9 · EPSS 0.00215
Exploits 1 · References 3
Cvelist
added 2025/05/30 6:13 a.m. · 14 views

CVE-2025-48492 GetSimple CMS RCE in Edit component

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to ...

CVSS 8.6 · EPSS 0.00764
Exploits 1 · References 1
The Hacker News
added 2025/05/30 6:11 a.m. · 34 views

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...

CVSS 9.3 · AI score 9 · EPSS 0.99959
Exploits 20
NVD
added 2025/05/30 5:15 a.m. · 12 views

CVE-2025-48482

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3 · EPSS 0.00287
Exploits 1 · References 1
CVE
added 2025/05/30 3:37 a.m. · 73 views

CVE-2025-47952

Traefik (HTTP reverse proxy/load balancer) had a path-matching bypass vulnerability prior to 2.11.25 and 3.4.1 when a URL with an encoded path string could bypass the middleware chain and target a backend exposed via another router. Affected versions: <2.11.25 and

CVSS 9.1 · AI score 6.4 · EPSS 0.00784
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2025/05/30 12:00 a.m. · 3 views

Photon OS 4.0: Nodejs PHSA-2025-4.0-0807

An update of the nodejs package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0807. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description...

CVSS 7.5 · AI score 8.1 · EPSS 0.00763
Exploits 0 · References 2
Information Security Automation
added 2025/05/29 9:46 p.m. · 14 views

About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)

About Cross Site Scripting - MDaemon Email Server (CVE-2024-11182). An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...

CVSS 6.1 · AI score 7.3 · EPSS 0.58483
Exploits 3
OSV
added 2025/05/29 4:32 p.m. · 5 views

CVE-2025-46570 vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences...

CVSS 2.6 · AI score 6.5 · EPSS 0.00249
Exploits 0 · References 5
Positive Technologies
added 2025/05/29 12:00 a.m. · 5 views

PT-2025-23672 · Tenda · Tenda Rx3

Name of the Vulnerable Software and Affected Versions: Tenda RX3 version 16.03.13.11_multi_TDE01. Description: A critical issue affects the function save_staticroute_data of the file "/goform/SetStaticRouteCfg". The manipulation of the argument list leads to a stack-based buffer overflow. The atta...

CVSS 9 · AI score 8.8 · EPSS 0.0804
Exploits 1 · References 12
CBLMariner
added 2025/05/28 9:14 p.m. · 7 views

CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8

CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8. A patched version of the package is available...

CVSS 5.3 · AI score 7.1 · EPSS 0.01131
Exploits 0
CBLMariner
added 2025/05/28 9:14 p.m. · 2 views

CVE-2025-32415 affecting package libxml2 for versions less than 2.11.5-5

CVE-2025-32415 affecting package libxml2 for versions less than 2.11.5-5. A patched version of the package is available...

CVSS 7.5 · AI score 6.9 · EPSS 0.00527
Exploits 1