Lucene search
K

4 matches found

CVE
CVE
added 2026/06/24 9:1 p.m.15 views

CVE-2026-33543

FOSSBilling versions 0.7.2 and earlier expose a guest API endpoint /api/guest/staff/create intended for initial admin bootstrap. A flawed admin-existence check (is_countable() used on a Model_Admin object or null) makes the guard always evaluate true, allowing unauthenticated creation of an admin...

9.3CVSS5.8AI score0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 5:51 a.m.2 views

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

7.6CVSS6.2AI score0.00372EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2022/07/12 2:15 p.m.4 views

CVE-2022-25303

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...

6.1CVSS6.3AI score0.009EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/11/22 12:0 a.m.4 views

PT-2018-2666 · Opensuse +4 · Libsolv +4

Name of the Vulnerable Software and Affected Versions: libsolv versions through 0.7.2 Description: The issue is related to errors in resource management, specifically in the pool whatprovides function of the libsolv library. It may allow a remote attacker to cause a denial of service. However, it...

8.8CVSS6.7AI score0.0233EPSS
Exploits4References119
Rows per page
Query Builder