Page(s) : 1 ... 377 378 379 380 381 382 383 384 385 386 [387] 388 389 390 391 392 393 394 395 396 397 ... | Result(s) : 299185 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2025-04-25 | CVE-2025-46617 | cve | Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocument... |
N/A | 2025-04-25 | CVE-2025-46616 | cve | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis W... |
N/A | 2025-04-25 | CVE-2025-46613 | cve | OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable. |
N/A | 2025-04-25 | CVE-2025-46599 | cve | CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For ex... |
N/A | 2025-04-25 | CVE-2025-46595 | cve | An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of... |
N/A | 2025-04-25 | CVE-2025-46547 | cve | In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role... |
N/A | 2025-04-25 | CVE-2025-46546 | cve | In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /... |
N/A | 2025-04-25 | CVE-2025-46545 | cve | In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload ca... |
N/A | 2025-04-25 | CVE-2025-46544 | cve | In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles. |
N/A | 2025-04-25 | CVE-2025-46535 | cve | Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec... |
N/A | 2025-04-25 | CVE-2025-46482 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyThemeShop WP Quiz allows Stored XSS. This issue affects WP Quiz:... |
9.8 | 2025-04-25 | CVE-2025-46433 | cve | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible |
6.5 | 2025-04-25 | CVE-2025-46432 | cve | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs |
N/A | 2025-04-25 | CVE-2025-46333 | cve | z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompos... |
N/A | 2025-04-25 | CVE-2025-43865 | cve | React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This ... |
N/A | 2025-04-25 | CVE-2025-43864 | cve | React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the ... |
N/A | 2025-04-25 | CVE-2025-43862 | cve | Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchest... |
N/A | 2025-04-25 | CVE-2025-43016 | cve | In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session |
7.2 | 2025-04-25 | CVE-2025-3935 | cve | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, w... |
8.8 | 2025-04-25 | CVE-2025-3928 | cve | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromi... |