
279 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in @fmcc-web-platform/platform-experience-lib (npm)

The package @fmcc-web-platform/platform-experience-lib was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in @amber-team/web-platform-utils (npm)

The package @amber-team/web-platform-utils was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 4 views

Malicious code in @fmcc-web-platform/react-components (npm)

The package @fmcc-web-platform/react-components was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. · 5 views

MAL-2025-7077 Malicious code in @amber-team/web-platform-utils (npm)

The package @amber-team/web-platform-utils was found to contain malicious code...

7.2 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. · 4 views

MAL-2025-7938 Malicious code in @fmcc-web-platform/react-components (npm)

The package @fmcc-web-platform/react-components was found to contain malicious code...

7.2 AI score
Exploits: 0
BDU FSTEC
added 2025/06/17 12:0 a.m. · 7 views

Vulnerability in the NotificationDisplayerClass class of the XWiki platform, a platform for creating collaborative web applications, that allows attackers to perform XSS attacks.

The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications, is related to the absence of warnings about dangerous actions when loading edited objects. Exploiting this vulnerability could allow attackers to perform XSS...

6.5 CVSS · 5.4 AI score · 0.0036 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2025/06/13 12:0 a.m. · 6 views

The vulnerability of the Cisco Webex web conferencing platform, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Cisco Webex web conferencing platform exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4 CVSS · 5.4 AI score · 0.00257 EPSS
Exploits: 0 · References: 2
NVD
added 2025/05/30 9:15 a.m. · 19 views

CVE-2025-4636

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to escalate privileges to the root user...

7.8 CVSS · 0.00139 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/05/30 8:24 a.m. · 15 views

CVE-2025-4636 Local Privilege Escalation

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to escalate privileges to the root user...

7.8 CVSS · 0.00139 EPSS
Exploits: 0 · References: 1
CVE
added 2025/05/30 8:24 a.m. · 46 views

CVE-2025-4636

CVE-2025-4636 concerns local privilege escalation in the Airpointer web platform. Multiple connected sources describe that excessive privileges granted to the web user allow a user-space compromise to escalate to root if an attacker gains control of that account. Documents consistently indicate t...

7.8 CVSS · 7.9 AI score · 0.00139 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/30 12:0 a.m. · 3 views

PT-2025-23273 · Unknown · Airpointer Web Platform

Name of the Vulnerable Software and Affected Versions: Airpointer web platform (affected versions not specified). Description: The issue arises from excessive privileges granted to the web user running the Airpointer web platform. This allows a malicious actor who gains control of this user to...

7.8 CVSS · 6.5 AI score · 0.00139 EPSS
Exploits: 0 · References: 5
OSV
added 2025/05/29 10:15 p.m. · 6 views

CVE-2025-30466

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy...

9.8 CVSS · 5.7 AI score · 0.00256 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/23 9:52 a.m. · 6 views

CVE-2024-25640

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

5.4 CVSS · 5.3 AI score · 0.00337 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 9:31 a.m. · 7 views

CVE-2024-26466

A DOM-based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.1 CVSS · 6 AI score · 0.00429 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 4:53 p.m. · 5 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5 CVSS · 6.8 AI score · 0.01686 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:19 a.m. · 5 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.5 CVSS · 7 AI score · 0.01138 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2025/04/17 12:0 a.m. · 12 views

Oracle Essbase Multiple Vulnerabilities (April 2025 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2025 Critical Patch Update (CPU). It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Web Platform OpenSSL. The supported version that is affected is 21.7.1.0.0. Easily...

10 CVSS · 6.7 AI score · 0.05966 EPSS
Exploits: 1 · References: 6
Exploit DB
added 2025/04/11 12:0 a.m. · 220 views

CMU CERT/CC VINCE 2.0.6 - Stored XSS

Exploit Title: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...

7.4 AI score
Exploits: 0
CNNVD
added 2025/02/28 12:0 a.m. · 3 views

Loggrove security vulnerability

Loggrove is a web platform service by individual developer olajowon. A security vulnerability exists in Loggrove v1.0, which stems from an SQL injection in the read.py file...

5.1 CVSS · 7.8 AI score · 0.002 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/02/12 12:0 a.m. · 9 views

Loggrove command injection vulnerability

Loggrove is a web platform service by individual developer olajowon. Loggrove suffers from a command injection vulnerability: the path parameter of /read/?page=1&logfile=eee&match= contains an operating system command injection vulnerability...

6.5 CVSS · 6.9 AI score · 0.0145 EPSS
Exploits: 0 · References: 3