Lucene search
K

320 matches found

RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.6 views

CVE-2025-41055

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.7 views

CVE-2025-41044

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:15 p.m.3 views

CVE-2025-41046

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/960grid...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:14 a.m.3 views

CVE-2025-41060 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:11 a.m.12 views

CVE-2025-41044

CVE-2025-41044 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint, specifically through the data[Page][name] parameter. Public sources consistently describe the vulnerability as cross-site ...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.8 views

PT-2025-35919

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35924

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/27 2:39 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...

8.7CVSS9.2AI score0.00759EPSS
Exploits1Affected Software1
NVD
NVD
added 2025/08/14 7:15 p.m.6 views

CVE-2025-54708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through = 2.0.5...

6.5CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 7:2 p.m.6 views

CVE-2025-8976 givanz Vvveb Endpoint post cross site scripting

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.1CVSS6.6AI score0.00256EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/07/28 11:35 p.m.3 views

SUSE CVE-2024-32867

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19...

5.3CVSS6.8AI score0.00699EPSS
Exploits0References2
OSV
OSV
added 2025/07/07 3:15 p.m.4 views

CVE-2025-6711

An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0...

4.9CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2025/06/26 2:15 p.m.5 views

UBUNTU-CVE-2025-6710

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which coul...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.4 views

Drupal Paragraphs table 安全漏洞

Drupal Paragraphs table is a table generation tool for the Drupal community. A security vulnerability exists in Drupal Paragraphs table versions prior to 2.0.5 that stems from improper input neutralization and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.7 views

CVE-2023-30540

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...

4.3CVSS6.5AI score0.00656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.4 views

CVE-2023-0934

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.9AI score0.00393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.12 views

CVE-2023-33750

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...

5.4CVSS5.6AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.7 views

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

6.5CVSS6.8AI score0.00942EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 a.m.6 views

CVE-2019-5395

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...

8.8CVSS7.1AI score0.02301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:11 a.m.12 views

CVE-2019-15650

The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes such as disabling unattended theme updates because of a nonce check error...

4.3CVSS7AI score0.00885EPSS
Exploits0References1
Rows per page
Query Builder