CVE-2024-55060

3 روز قبل 3 روز قبل 0
A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2025-2230

3 روز قبل 3 روز قبل 0
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.

CVE-2025-2229

3 روز قبل 3 روز قبل 0
A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

CVE-2025-27496

3 روز قبل 3 روز قبل 0
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. ...

CVE-2025-25598

3 روز قبل 3 روز قبل 0
Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task.

CVE-2025-25363

3 روز قبل 3 روز قبل 0
An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileg ...

CVE-2025-24053

3 روز قبل 3 روز قبل 0
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVE-2024-30143

3 روز قبل 3 روز قبل 0
HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits ...

CVE-2025-2284

3 روز قبل 3 روز قبل 0
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

CVE-2025-2265

3 روز قبل 3 روز قبل 0
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of h ...

CVE-2025-2264

3 روز قبل 2 روز قبل 0
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the appli ...

CVE-2025-2263

3 روز قبل 2 روز قبل 0
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the func ...

CVE-2025-2081

3 روز قبل 3 روز قبل 0
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.

CVE-2025-2080

3 روز قبل 3 روز قبل 0
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication mea ...

CVE-2025-2079

3 روز قبل 3 روز قبل 0
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token ...

CVE-2025-29773

3 روز قبل 3 روز قبل 0
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an exi ...

CVE-2025-29768

3 روز قبل 3 روز قبل 0
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an arch ...

CVE-2025-28011

3 روز قبل 3 روز قبل 0
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpa ...

CVE-2025-27138

3 روز قبل 3 روز قبل 0
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may ...

CVE-2025-27107

3 روز قبل 3 روز قبل 0
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-2 ...

4 ماه قبل 4 ماه قبل 22
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

5 ماه قبل 5 ماه قبل 15
reNgine 2.2.0 - Command Injection (Authenticated)

5 ماه قبل 5 ماه قبل 17
openSIS 9.1 - SQLi (Authenticated)

5 ماه قبل 5 ماه قبل 16
dizqueTV 1.5.3 - Remote Code Execution (RCE)

6 ماه قبل 6 ماه قبل 18
NoteMark < 0.13.0 - Stored XSS

6 ماه قبل 6 ماه قبل 14
Gitea 1.22.0 - Stored XSS

6 ماه قبل 6 ماه قبل 15
Invesalius3 - Remote Code Execution

6 ماه قبل 6 ماه قبل 26
Windows TCP/IP - RCE Checker and Denial of Service

6 ماه قبل 6 ماه قبل 18
Aurba 501 - Authenticated RCE

6 ماه قبل 6 ماه قبل 16
HughesNet HT2000W Satellite Modem - Password Reset

6 ماه قبل 6 ماه قبل 19
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

6 ماه قبل 6 ماه قبل 17
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

6 ماه قبل 6 ماه قبل 17
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

6 ماه قبل 6 ماه قبل 17
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

6 ماه قبل 6 ماه قبل 16
Helpdeskz v2.0.2 - Stored XSS

6 ماه قبل 6 ماه قبل 14
Calibre-web 0.6.21 - Stored XSS

7 ماه قبل 7 ماه قبل 19
Devika v1 - Path Traversal via 'snapshot_path'

7 ماه قبل 7 ماه قبل 14
Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

7 ماه قبل 7 ماه قبل 17
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

7 ماه قبل 7 ماه قبل 15
Oracle Database 12c Release 1 - Unquoted Service Path