Lucene search
+L

9 matches found

NVD
NVD
added 2025/12/09 10:16 p.m.5 views

CVE-2025-66645

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS0.0098EPSS
Exploits1References2
OSV
OSV
added 2025/12/09 9:41 p.m.5 views

CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS6.8AI score0.0098EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.5 views

PT-2025-47663

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm settings empty trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS5.1AI score0.00168EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/08 10:32 p.m.17 views

CVE-2025-10110 ChanCMS search sql injection

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

6.5CVSS0.00306EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.4 views

CubeFS Log Information Disclosure Vulnerability

CubeFS is a cloud-native file storage for CubeFS individual developers. A log information disclosure vulnerability exists in CubeFS versions prior to 3.3.1, which stems from disclosing user keys and access keys in logs...

6.5CVSS6.2AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.2 views

WordPress theme Real Estate 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Real Estate 7 version 3.3.1 an...

7.1CVSS6.9AI score0.00382EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/13 12:0 a.m.9 views

PT-2022-7154 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 3.3.1 through 3.3.4 Description: The issue is related to the use of an unreliable path search in the Apache Hadoop platform, which can allow a remote attacker to execute commands with root privileges. The vulnerability ...

7.7CVSS9AI score0.02089EPSS
Exploits0References14
CNVD
CNVD
added 2020/04/22 12:0 a.m.2 views

Evenroute IQrouter Operating System Command Injection Vulnerability

Evenroute IQrouter is a smart router from Evenroute USA. A remote code execution vulnerability exists in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. An attacker can exploit this vulnerability to gain root privileges...

9.8CVSS8.3AI score0.03146EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2020/04/21 12:0 a.m.7 views

PT-2020-12958 · Openwrt +1 · Openwrt +1

Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier Description: The issue allows remote attackers to control the device, enabling actions such as restarting the network, rebooting, upgrading, or resetting, due to incorrect access control. This issue is...

9.8CVSS6.8AI score0.03189EPSS
Exploits3References8
Rows per page
Query Builder