Lucene search
+L

6 matches found

Vulnrichment
Vulnrichment
added 2026/04/01 12:30 a.m.4 views

CVE-2024-58342 XenForo Open Redirect via getDynamicRedirect

XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host...

6.3CVSS6AI score0.00147EPSS
Exploits0References2
OSV
OSV
added 2025/12/11 9:47 p.m.6 views

CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...

8.8CVSS6.9AI score0.00311EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/21 12:29 p.m.14 views

CVE-2025-66089 WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.1...

4.3CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/09 1:56 a.m.17 views

CVE-2025-54997 OpenBao: Privileged Operator May Execute Code on the Underlying Host

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1CVSS0.00371EPSS
Exploits0References4
OSV
OSV
added 2024/04/19 5:15 a.m.2 views

CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...

5.9CVSS5.8AI score
Exploits0References1
CNVD
CNVD
added 2020/02/18 12:0 a.m.4 views

Iteris Vantage Velocity Field Unit Operating System Command Injection Vulnerability

The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. An operating system command injection vulnerability exists in the Iteris Vantage Velocity Field Unit versions 2.3.1, 2.4.2, and 3.0. An attacker exploits the vulnerability to execute commands via NTP Server...

10CVSS8AI score0.02535EPSS
Exploits1References1
Rows per page
Query Builder