
CVSS: 7.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

16 Feb 2025 — A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to an untrusted search path. The attack has to be carried out locally. The complexity of an attack is rather high. • https://vuldb.com/?ctiid.295961 • CWE-426: Untrusted Search Path

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

17 Dec 2020 — The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. Systems using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. • https://github.com/koharin/koharin2/blob/main/CVE-2020-35189 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.4 • EPSS: 0% • CPEs: 14 • EXPL: 0

21 Jun 2013 — Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. • http://osvdb.org/85422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')