16822 matches found

Positive Technologies
added 2025/08/20 12:0 a.m. · 7 views

PT-2025-34099 · Undefined · Undefined

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

CVSS 9.3 · AI score 7.2 · EPSS 0.00953
Exploits 0 · References 9

CVE
added 2025/08/19 7:3 p.m. · 24 views

CVE-2025-33008

IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 are affected by CVE-2025-33008, a cross-site scripting vulnerability (CWE-79) that allows an authenticated user to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted ses...

CVSS 5.4 · AI score 6.3 · EPSS 0.00218
Exploits 0 · References 1 · Affected Software 2

CVE
added 2025/08/19 5:32 p.m. · 30 views

CVE-2025-9149

CVE-2025-9149 affects Wavlink WL-NU516U1 M16U1_V240425. The vulnerability is in the function sub_4032E4 of the file /cgi-bin/wireless.cgi, where manipulation of the argument Guest_ssid enables command injection. The issue is exploitable remotely, and public exploit details (PoC) have been disclos...

CVSS 9.8 · AI score 7.7 · EPSS 0.05603
Exploits 1 · References 5 · Affected Software 1

NVD
added 2025/08/19 4:15 p.m. · 6 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVSS 5.3 · EPSS 0.00667
Exploits 1 · References 1

Snyk
added 2025/08/19 3:31 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details: Cross-sit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00201
Exploits 0 · References 2

Snyk
added 2025/08/19 3:31 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details: Cross-sit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00201
Exploits 0 · References 2

Snyk
added 2025/08/19 3:31 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details: Cross-sit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00201
Exploits 0 · References 2

NVD
added 2025/08/19 1:15 p.m. · 5 views

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVSS 5.4 · EPSS 0.00201
Exploits 0 · References 1

OSV
added 2025/08/19 1:15 p.m. · 4 views

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVSS 5.4 · AI score 5.7 · EPSS 0.00201
Exploits 0 · References 1

Vulnrichment
added 2025/08/19 1:3 p.m. · 3 views

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVSS 4.6 · AI score 6 · EPSS 0.00201
Exploits 0 · References 1

CVE
added 2025/08/19 1:3 p.m. · 14 views

CVE-2025-43740

CVE-2025-43740 is a stored XSS vulnerability in Liferay Portal and Liferay DXP. Affected: Liferay Portal 7.4.3.120–7.4.3.132 and Liferay DXP 2025.Q1.0–Q2.8 (also Q4/Q3/Q2/Q1 2024). The issue allows a remote authenticated attacker to inject JavaScript via the web interface’s message boards feature...

CVSS 5.4 · AI score 5.5 · EPSS 0.00201
Exploits 0 · References 1 · Affected Software 2

CVE
added 2025/08/19 12:0 a.m. · 21 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...

CVSS 5.3 · AI score 7.6 · EPSS 0.00667
Exploits 1 · References 1 · Affected Software 1

Packet Storm
added 2025/08/19 12:0 a.m. · 115 views

iDempiere WebUI 12.0.0.202508171158 CSV Injection

A CSV injection vulnerability exists in iDempiere WebUI version 12.0.0.202508171158. The application fails to properly sanitize user-supplied input before including it in exported CSV files. An authenticated attacker ca...

AI score 7.6
Exploits 0

Cvelist
added 2025/08/19 12:0 a.m. · 7 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

EPSS 0.00667
Exploits 1 · References 1

CVE
added 2025/08/18 5:36 p.m. · 63 views

CVE-2025-55299

VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....

CVSS 9.4 · AI score 7.1 · EPSS 0.00216
Exploits 0 · References 2

RedhatCVE
added 2025/08/17 8:12 p.m. · 6 views

CVE-2025-36088

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

CVSS 5.4 · AI score 6.5 · EPSS 0.00166
Exploits 0 · References 1

RedhatCVE
added 2025/08/17 11:7 a.m. · 9 views

CVE-2025-26709

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...

CVSS 5.7 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 1

RedhatCVE
added 2025/08/16 5:25 p.m. · 13 views

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 6.5 · AI score 6.8 · EPSS 0.00334
Exploits 0 · References 1

RedhatCVE
added 2025/08/16 5:25 p.m. · 6 views

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

CVSS 8.5 · AI score 7 · EPSS 0.00402
Exploits 0 · References 1

RedhatCVE
added 2025/08/16 5:25 p.m. · 9 views

CVE-2025-20306

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...

CVSS 4.9 · AI score 8 · EPSS 0.00344
Exploits 0 · References 1