16820 matches found

CNNVD
added 2025/10/01 12:0 a.m., 6 views

Cisco Cyber Vision Center Cross-Site Scripting Vulnerability

Cisco Cyber Vision Center is a suite of detection and analysis platforms from Cisco. A cross-site scripting vulnerability exists in Cisco Cyber Vision Center that stems from insufficient validation of inputs to the web-based management interface, which could lead to a cross-site scripting attack...

5.4 CVSS, 6 AI score, 0.00197 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/10/01 12:0 a.m., 4 views

Cisco Cyber Vision Center Cross-Site Scripting Vulnerability

Cisco Cyber Vision Center is a suite of detection and analysis platforms from Cisco. A cross-site scripting vulnerability exists in Cisco Cyber Vision Center that stems from insufficient validation of inputs to the web-based management interface, which could lead to a cross-site scripting attack...

5.4 CVSS, 6 AI score, 0.00197 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/30 7:41 p.m., 13 views

CVE-2025-36132

CVE-2025-36132 affects IBM Planning Analytics Local (IBM Planning Analytics Workspace) with versions 2.0.0–2.0.106 and 2.1.0–2.1.13. A cross-site scripting vulnerability allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to ...

5.4 CVSS, 4.6 AI score, 0.00175 EPSS
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2025/09/30 1:23 a.m., 7 views

[SECURITY] Fedora 41 Update: nextcloud-31.0.9-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

6.1 CVSS, 6.9 AI score, 0.0071 EPSS
Exploits: 1

Fedora
added 2025/09/30 12:50 a.m., 6 views

[SECURITY] Fedora 42 Update: nextcloud-31.0.9-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

6.1 CVSS, 6.9 AI score, 0.0071 EPSS
Exploits: 1

Positive Technologies
added 2025/09/30 12:0 a.m., 3 views

PT-2025-40022

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0.0 through 2.0.106; IBM Planning Analytics Local versions 2.1.0 through 2.1.13. Description: An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering intended...

5.4 CVSS, 4.4 AI score, 0.00175 EPSS
Exploits: 0, References: 5

NVD
added 2025/09/29 9:15 p.m., 4 views

CVE-2025-30247

An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST...

9.3 CVSS, 0.01117 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/09/29 2:25 p.m., 8 views

CVE-2025-36352 IBM License Metric Tool cross-site scripting

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

6.4 CVSS, 0.00166 EPSS
Exploits: 0, References: 1

GithubExploit
added 2025/09/29 2:21 p.m., 230 views

Exploit for Code Injection in Langflow

It is an offensive tool for web exploitation. The target product...

9.8 CVSS, 7.3 AI score, 0.99968 EPSS
Exploits: 33

RedhatCVE
added 2025/09/29 1:48 p.m., 3 views

CVE-2025-36239

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.1 CVSS, 6.5 AI score, 0.00197 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39904)

A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...

5.6 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39905)

A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...

5.6 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/09/29 12:0 a.m., 8 views

PT-2025-39827

Name of the Vulnerable Software and Affected Versions: Obsidian Scheduler versions 5.0.0 through 6.3.0. Description: A security issue exists in the Obsidian Scheduler REST API. If an account is locked out due to not enrolling in Multi-Factor Authentication (MFA), the REST API continues to permit the u...

8.2 CVSS, 6.7 AI score, 0.00354 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2025/09/29 12:0 a.m., 3 views

GE UR family Improper Input Validation (CVE-2021-27418)

GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

6.1 CVSS, 6 AI score, 0.00585 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/09/29 12:0 a.m., 3 views

Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39906)

A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...

5.6 AI score
Exploits: 0, References: 2

Vulnrichment
added 2025/09/27 1:16 a.m., 4 views

CVE-2025-36239 IBM Storage TS4500 Library cross-site scripting

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.1 CVSS, 6.1 AI score, 0.00197 EPSS
Exploits: 0, References: 1

OSV
added 2025/09/26 8:15 a.m., 4 views

CVE-2025-54831

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

6.5 CVSS, 6.5 AI score
Exploits: 0, References: 2

CVE
added 2025/09/26 7:28 a.m., 32 views

CVE-2025-54831

Apache Airflow 3.x (notably 3.0.3) exposes sensitive connection details to users with READ permissions via API/UI, bypassing AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS. Affected: Airflow 3.0.3; mitigation is upgrading to 3.0.4 or newer. This issue does not affect Airflow 2.x, where the behavio...

6.5 CVSS, 6.1 AI score, 0.00903 EPSS
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2025/09/26 12:0 a.m., 2 views

Clickhouse API Unauthenticated Access

Clickhouse is an open-source columnar database management system for online analytical processing. The Clickhouse HTTP interface allows users to interact with the database using HTTP requests. When no authentication is configured, the Clickhouse API can be accessed without any credentials. This c...

7 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2025/09/26 12:0 a.m., 29 views

Tiny File Manager Default Credentials

Tiny File Manager is a web-based file manager that allows users to manage files on a server through a web interface. By default, Tiny File Manager comes with a default username and password combination. If these default credentials are not changed, a remote and unauthenticated attacker could gain...

7.4 AI score
Exploits: 0, References: 3