| Page(s) : 1 ... 400 401 402 403 404 405 406 407 408 409 [410] 411 412 413 414 415 416 417 418 419 420 ... | Result(s) : 299257 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-04-22 | CVE-2025-3577 | cve | **UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authentica... |
| N/A | 2025-04-22 | CVE-2025-3519 | cve | An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly ... |
| 4.3 | 2025-04-22 | CVE-2025-3518 | cve | It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disa... |
| 9.8 | 2025-04-22 | CVE-2025-3472 | cve | The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to ex... |
| 5.4 | 2025-04-22 | CVE-2025-3458 | cve | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to in... |
| 5.4 | 2025-04-22 | CVE-2025-3457 | cve | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, ... |
| N/A | 2025-04-22 | CVE-2025-3441 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| N/A | 2025-04-22 | CVE-2025-32965 | cve | xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and co... |
| N/A | 2025-04-22 | CVE-2025-32964 | cve | ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically... |
| N/A | 2025-04-22 | CVE-2025-32963 | cve | MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the... |
| N/A | 2025-04-22 | CVE-2025-32961 | cve | The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, ... |
| N/A | 2025-04-22 | CVE-2025-32960 | cve | The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to ret... |
| N/A | 2025-04-22 | CVE-2025-32959 | cve | CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of upl... |
| N/A | 2025-04-22 | CVE-2025-32952 | cve | Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implemen... |
| N/A | 2025-04-22 | CVE-2025-32951 | cve | Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which cons... |
| N/A | 2025-04-22 | CVE-2025-32950 | cve | Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the ... |
| N/A | 2025-04-22 | CVE-2025-32788 | cve | OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass ... |
| 4.6 | 2025-04-22 | CVE-2025-31328 | cve | SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-ba... |
| 4.3 | 2025-04-22 | CVE-2025-31327 | cve | SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacke... |
| 3.8 | 2025-04-22 | CVE-2025-2987 | cve | IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, ... |
| Page(s) : 1 ... 400 401 402 403 404 405 406 407 408 409 [410] 411 412 413 414 415 416 417 418 419 420 ... | Result(s) : 299257 |
