Page 4 of 54062 results (0.303 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

12 Mar 2025 — A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://ctf-n0el4kls.notion.site/LoveCardsV2-Unauthentication-to-RCE-Vulnerability-19841990f44780de8263c1f77a007a83 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 1

12 Mar 2025 — This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. • https://ctf-n0el4kls.notion.site/LoveCardsV2-Unauthentication-to-RCE-Vulnerability-19841990f44780de8263c1f77a007a83? • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

12 Mar 2025 — The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3250719/simply-schedule-appointments/trunk/booking-app-new/page-appointment-edit.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1

11 Mar 2025 — Davon betroffen ist unbekannter Code der Datei userfiles/modules/settings/group/website_group/index.php der Komponente Settings Handler. • https://github.com/Fewword/Poc/blob/main/microweber/mwb-poc1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

11 Mar 2025 — This vulnerability affects unknown code of the file /wlanPrimaryNetwork.asp of the component Wireless Menu. • https://vuldb.com/?ctiid.299284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

11 Mar 2025 — A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.299283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

11 Mar 2025 — A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

11 Mar 2025 — A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

11 Mar 2025 — A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •