9

CVSS3.1

CVE-2025-26206 -

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: July 7, 2025, 6:28 p.m.

5.1

CVSS3.1

CVE-2023-49031 -

Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: July 11, 2025, 4:30 p.m.

4.9

CVSS3.1

CVE-2024-53382 - prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: June 27, 2025, 1:08 p.m.

8.1

CVSS3.1

CVE-2025-23368 - Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: March 10, 2026, 6:48 p.m.

5.4

CVSS3.1

CVE-2024-57240 -

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: July 10, 2025, 10:43 p.m.

5.4

CVSS3.1

CVE-2024-51091 -

Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package

πŸ“… Published: March 3, 2025, midnight πŸ”„ Last Modified: July 7, 2025, 5:02 p.m.

6.9

CVSS4.0

CVE-2025-1840 - ESAFENET CDG updateorg.jsp sql injection

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched remot…

πŸ“… Published: March 2, 2025, 11:31 p.m. πŸ”„ Last Modified: June 5, 2025, 7:55 p.m.

5.3

CVSS4.0

CVE-2025-1836 - Incorta Edit Insight csv injection

A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted e…

πŸ“… Published: March 2, 2025, 11 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-1835 - osuuu LightPicture Api.php upload unrestricted upload

A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been d…

πŸ“… Published: March 2, 2025, 10:31 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-1834 - zj1983 zz resolve unrestricted upload

A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public…

πŸ“… Published: March 2, 2025, 10 p.m. πŸ”„ Last Modified: May 26, 2025, 12:46 a.m.
Total resulsts: 349182
Page 6503 of 34,919
Β« previous page Β» next page
Filters