The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated....
6.4CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate...
9.8CVSS
9.4AI Score
0.002EPSS
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat...
5.4CVSS
5.3AI Score
0.001EPSS
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a...
5.4CVSS
5.2AI Score
0.001EPSS
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q...
6.1CVSS
6AI Score
0.001EPSS
The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted...
5.9CVSS
5.2AI Score
0.003EPSS
The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...
6AI Score
0.003EPSS
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue...
6.5AI Score
0.004EPSS
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain...
6.2AI Score
0.02EPSS
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir...
7.6AI Score
0.039EPSS
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error...
6.6AI Score
0.067EPSS
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename...
7.1AI Score
0.012EPSS
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable...
7.8AI Score
0.019EPSS
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name...
6AI Score
0.007EPSS
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist...
9AI Score
0.002EPSS
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID...
7.3AI Score
0.047EPSS
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting....
7AI Score
0.047EPSS
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access...
6.6AI Score
0.16EPSS
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the...
7.6AI Score
0.019EPSS
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary...
7.1AI Score
0.006EPSS