Lucene search
K

7657 matches found

RedHat Linux
RedHat Linux
added 2024/04/23 5:18 p.m.1 views

rubygem-activesupport: File Disclosure of Locally Encrypted Files

An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system...

5.5CVSS5.8AI score0.00258EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/04/23 12:0 a.m.8 views

Slackware: Security Advisory (SSA:2024-113-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/04/22 12:0 a.m.27 views

Slackware: Security Advisory (SSA:2024-110-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.0375EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2024/04/19 12:0 a.m.21 views

Slackware: Security Advisory (SSA:2024-109-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3CVSS6.7AI score0.8833EPSS
Exploits16References3
NVD
NVD
added 2024/04/17 9:15 p.m.9 views

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

5.9CVSS5.6AI score0.00316EPSS
Exploits1References1
NVD
NVD
added 2024/04/17 9:15 p.m.10 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

4.6CVSS5.6AI score0.00399EPSS
Exploits1References1
NVD
NVD
added 2024/04/17 9:15 p.m.11 views

CVE-2024-32338

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

5.4CVSS5.6AI score0.00404EPSS
Exploits1References1
Slackware Linux
Slackware Linux
added 2024/04/17 8:42 p.m.11 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.10.0-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For mo...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.3 views

PT-2024-24822 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT...

4.6CVSS6AI score0.00399EPSS
Exploits1References7
CVE
CVE
added 2024/04/17 12:0 a.m.58 views

CVE-2024-32744

WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...

4.6CVSS5.8AI score0.00399EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/04/17 12:0 a.m.49 views

CVE-2024-32745

CVE-2024-32745 is an XSS vulnerability in WonderCMS v3.4.3. The issue stems from lack of proper filtering/escaping in the PAGE DESCRIPTION parameter of the CURRENT PAGE module under Settings, allowing an attacker to inject arbitrary web scripts or HTML. Public references consistently describe the...

5.9CVSS5.8AI score0.00316EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.14 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

5.8AI score0.00399EPSS
Exploits1References1
CVE
CVE
added 2024/04/17 12:0 a.m.63 views

CVE-2024-32338

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...

5.4CVSS5.8AI score0.00404EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.16 views

CVE-2024-32338

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

5.7AI score0.00404EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.5 views

PT-2024-24516 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Pag...

5.4CVSS6AI score0.00404EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.15 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

5.7AI score0.00399EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.3 views

PT-2024-24823 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRE...

5.9CVSS5.5AI score0.00316EPSS
Exploits1References8
Slackware Linux
Slackware Linux
added 2024/04/16 6:53 p.m.40 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.10.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

9.8CVSS6.6AI score0.00847EPSS
Exploits2
CNVD
CNVD
added 2024/04/10 12:0 a.m.16 views

Siemens Parasolid Out-of-Bounds Read Vulnerability (CNVD-2024-17299)

Siemens Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing and free-form surface/drawing modeling. An out-of-bounds read vulnerability exists in Siemens Parasolid, which can be exploited by an attack to execute code in the...

7.8CVSS7.3AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from vulnerability to incorrect input validation vulnerability, which could lead t...

9CVSS7.3AI score0.01418EPSS
Exploits0References3
Rows per page
Query Builder