Lucene search

K

1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Security Vulnerabilities

github
github

Concrete CMS vulnerable to stored XSS via the Role Name field

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
5
osv
osv

Concrete CMS vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
3
github
github

Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
4
github
github

Concrete CMS vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
4
cve
cve

CVE-2024-1246

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

5AI Score

0.0004EPSS

2024-02-09 08:15 PM
14
nvd
nvd

CVE-2024-1245

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

4AI Score

0.0004EPSS

2024-02-09 08:15 PM
1
nvd
nvd

CVE-2024-1246

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

4AI Score

0.0004EPSS

2024-02-09 08:15 PM
cve
cve

CVE-2024-1245

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

4.9AI Score

0.0004EPSS

2024-02-09 08:15 PM
14
prion
prion

Input validation

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

6.2AI Score

0.0004EPSS

2024-02-09 08:15 PM
5
prion
prion

Cross site scripting

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 08:15 PM
3
cvelist
cvelist

CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

2.4CVSS

5.2AI Score

0.0004EPSS

2024-02-09 07:43 PM
cvelist
cvelist

CVE-2024-1246 Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

2CVSS

5.2AI Score

0.0004EPSS

2024-02-09 07:33 PM
cve
cve

CVE-2024-1247

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.8CVSS

5AI Score

0.0004EPSS

2024-02-09 07:15 PM
18
nvd
nvd

CVE-2024-1247

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.8CVSS

4AI Score

0.0004EPSS

2024-02-09 07:15 PM
prion
prion

Input validation

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.8CVSS

6.2AI Score

0.0004EPSS

2024-02-09 07:15 PM
10
cvelist
cvelist

CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

2CVSS

5.2AI Score

0.0004EPSS

2024-02-09 06:58 PM
thn
thn

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...

8.4CVSS

7.9AI Score

0.004EPSS

2024-02-09 04:32 PM
36
ics
ics

ProPump and Controls Osprey Pump Controller (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ProPump and Controls, Inc. Equipment: Osprey Pump Controller Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of.....

9.8CVSS

10AI Score

0.002EPSS

2024-02-08 12:00 PM
15
ics
ics

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Qolsys, Inc. Equipment: IQ Panel 4, IQ4 Hub Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

9.8CVSS

7.2AI Score

0.001EPSS

2024-02-08 12:00 PM
14
nvidia
nvidia

Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024

NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems. To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal. Go to NVIDIA Product Security. Details This section provides a summary of...

8.8CVSS

9.4AI Score

0.001EPSS

2024-02-08 12:00 AM
9
ics
ics

HID Global Encoders

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-02-06 12:00 PM
12
ics
ics

HID Global Reader Configuration Cards

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...

5.3CVSS

5.4AI Score

0.001EPSS

2024-02-06 12:00 PM
25
githubexploit
githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2023-5178 The exploit for [CVE-2023-5178: NVMe-oF-TCP...

9.8CVSS

9.6AI Score

0.025EPSS

2024-02-05 03:58 PM
163
veracode
veracode

Insecure Transport

go.etcd.io/etcd/client/pkg/v3 is vulnerable to Insecure Transport. The vulnerability is due to default weak ciphers...

7AI Score

2024-02-05 07:21 AM
5
gentoo
gentoo

OpenSSL: Multiple Vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced....

7.5CVSS

7.7AI Score

0.004EPSS

2024-02-04 12:00 AM
14
github
github

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd by default contains weak ciphers. Workarounds Provide a desired ciphers using the --cipher-suites flag as described with examples in the security documentation References Find out more on this vulnerability in the...

7.1AI Score

2024-02-03 12:02 AM
7
osv
osv

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd by default contains weak ciphers. Workarounds Provide a desired ciphers using the --cipher-suites flag as described with examples in the security documentation References Find out more on this vulnerability in the...

7.1AI Score

2024-02-03 12:02 AM
1
gitlab
gitlab

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd by default contains weak ciphers. Workarounds Provide a desired ciphers using the --cipher-suites flag as described with examples in the security documentation References Find out more on this vulnerability in the...

7.1AI Score

2024-02-03 12:00 AM
6
ics
ics

AVEVA Edge products (formerly known as InduSoft Web Studio)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge products (formerly known as InduSoft Web Studio) Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an...

7.3CVSS

8AI Score

0.0004EPSS

2024-02-01 12:00 PM
9
ics
ics

Gessler GmbH WEB-MASTER

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Gessler GmbH Equipment: WEB-MASTER Vulnerabilities: Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a user to take...

9.8CVSS

7.9AI Score

0.001EPSS

2024-02-01 12:00 PM
13
filippoio
filippoio

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

6.8AI Score

2024-01-30 05:48 PM
7
debiancve
debiancve

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6CVSS

6.9AI Score

0.001EPSS

2024-01-30 04:15 PM
22
cve
cve

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6CVSS

8.3AI Score

0.001EPSS

2024-01-30 04:15 PM
26
nvd
nvd

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6CVSS

8.5AI Score

0.001EPSS

2024-01-30 04:15 PM
prion
prion

Path traversal

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6CVSS

7AI Score

0.001EPSS

2024-01-30 04:15 PM
7
cvelist
cvelist

CVE-2024-1019 WAF bypass of the ModSecurity v3 release line

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6CVSS

8.7AI Score

0.001EPSS

2024-01-30 04:09 PM
ics
ics

Hitron Systems Security Camera DVR

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Hitron Systems Equipment: DVR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS

7.2AI Score

0.0005EPSS

2024-01-30 12:00 PM
15
ics
ics

Emerson Rosemount GC370XA, GC700XA, GC1500XA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Emerson Equipment: Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

9.8CVSS

8.9AI Score

0.001EPSS

2024-01-30 12:00 PM
20
ics
ics

Mitsubishi Electric CNC Series (Update E)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to...

9.8CVSS

9.8AI Score

0.004EPSS

2024-01-30 12:00 PM
24
ics
ics

Rockwell Automation LP30/40/50 and BM40 Operator Interface

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: LP30, LP40, LP50, and BM40 Operator Panels Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow,...

8.8CVSS

8.4AI Score

0.002EPSS

2024-01-30 12:00 PM
9
ics
ics

Rockwell Automation ControlLogix and GuardLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

8.6CVSS

8.5AI Score

0.0005EPSS

2024-01-30 12:00 PM
16
ics
ics

Mitsubishi Electric MELSEC WS Series Ethernet Interface Module

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC WS Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to login...

7.5CVSS

7.4AI Score

0.001EPSS

2024-01-30 12:00 PM
6
ics
ics

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...

9.8CVSS

8.6AI Score

0.002EPSS

2024-01-30 12:00 PM
11
ics
ics

Rockwell Automation FactoryTalk Service Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.8CVSS

5.5AI Score

0.001EPSS

2024-01-30 12:00 PM
40
osv
osv

Craft CMS Feed-Me

An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume...

7.5CVSS

6.9AI Score

0.001EPSS

2024-01-30 09:30 AM
4
osv
osv

CVE-2023-36259

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user...

5.4CVSS

6.1AI Score

0.0005EPSS

2024-01-30 09:15 AM
7
ubuntucve
ubuntucve

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6CVSS

6.8AI Score

0.001EPSS

2024-01-30 12:00 AM
31
cve
cve

CVE-2024-0942

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is....

4.3CVSS

4.7AI Score

0.001EPSS

2024-01-26 08:15 PM
30
nvd
nvd

CVE-2024-0942

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is....

4.3CVSS

4.3AI Score

0.001EPSS

2024-01-26 08:15 PM
prion
prion

Information disclosure

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is....

4.3CVSS

7AI Score

0.001EPSS

2024-01-26 08:15 PM
5
Total number of security vulnerabilities34923