Lucene search

16 matches found

CVE
added yesterday, 4 views

CVE-2026-13822

The CVE describes an inappropriate implementation in Google Chrome extensions on Android prior to version 150.0.7871.47, where a user-supplied malicious extension could bypass the same-origin policy via a crafted extension. Affected product: Chrome for Android; root cause: faulty extension handli...

5.8 AI score
Exploits: 0, References: 2

RedhatCVE
added 2025/02/26 6:25 a.m., 8 views

CVE-2024-13822

The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS, 6.2 AI score, 0.00315 EPSS
Exploits: 1, References: 1

NVD
added 2025/02/24 6:15 a.m., 13 views

CVE-2024-13822

The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS, 0.00315 EPSS
Exploits: 1, References: 1

CVE
added 2025/02/24 6:0 a.m., 58 views

CVE-2024-13822

The CVE-2024-13822 entry concerns the WordPress plugin Total Contest Lite (Photo Contest | Competition | Video Contest) up to version 2.8.1, which outputs an unsanitized parameter, enabling a Reflected XSS. Connected sources corroborate a reflected-XSS issue in Total Contest Lite (versions ≤ 2.8....

6.1 CVSS, 5.8 AI score, 0.00315 EPSS
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2025/02/24 6:0 a.m., 6 views

CVE-2024-13822 Total Contest Lite <= 2.8.1 - Reflected XSS

The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2 AI score, 0.00315 EPSS
Exploits: 1, References: 1

Packet Storm
added 2024/09/01 12:0 a.m., 226 views

Nginx Source Code Disclosure/Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nginx Source Code Disclosure/Download', 'Description' = %q This module exploits a source code disclosure/download vulnerability in versions 0.7 a...

5 CVSS, 7 AI score, 0.71926 EPSS
Exploits: 4

RedHat Linux
added 2020/12/15 5:14 p.m., 74 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 security update

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8 CVSS, 6.8 AI score, 0.17611 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2020/10/27 4:22 p.m., 123 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update

An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.7 CVSS, 7.8 AI score, 0.99019 EPSS
Exploits: 30, References: 22

RedhatCVE
added 2020/06/18 4:55 p.m., 20 views

CVE-2020-13822

The Elliptic package for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

6.8 CVSS, 4 AI score, 0.02629 EPSS
Exploits: 1, References: 4

CVE
added 2020/06/04 2:1 p.m., 131 views

CVE-2020-13822

CVE-2020-13822 concerns the Elliptic package for Node.js (notably versions around 6.5.2) and describes ECDSA signature malleability caused by variations in encoding, leading to spurious or non-canonical signatures (e.g., leading '\0' bytes) and potential security impact if a single canonical sign...

7.7 CVSS, 7.5 AI score, 0.02629 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2018/08/30 2:29 p.m., 20 views

CVE-2018-13822

Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information...

7.5 CVSS, 7.5 AI score, 0.01334 EPSS
Exploits: 0, References: 2

CVE
added 2018/08/30 2:0 p.m., 40 views

CVE-2018-13822

CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below are affected by CVE-2018-13822 due to unprotected storage of credentials. This allows attackers to access sensitive information. The connected documents confirm the affected versions and the credential storage issue; no...

7.5 CVSS, 7.4 AI score, 0.01334 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/08/30 2:0 p.m., 17 views

CVE-2018-13822

Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information...

7.5 AI score, 0.01334 EPSS
Exploits: 0, References: 2

NVD
added 2017/11/13 3:29 a.m., 13 views

CVE-2017-13822

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...

5.5 CVSS, 5.2 AI score, 0.00871 EPSS
Exploits: 0, References: 2

CVE
added 2017/11/13 3:0 a.m., 76 views

CVE-2017-13822

CVE-2017-13822 affects macOS up to 10.13.0; the issue is in the Quick Look component, allowing a crafted app to bypass memory-read restrictions and read restricted memory. Affected product/area: macOS Quick Look. Root cause: memory-restriction bypass via crafted app. Impact: attacker can read res...

5.5 CVSS, 5.6 AI score, 0.00871 EPSS
Exploits: 0, References: 2, Affected Software: 1

Openbugbounty
added 2017/01/24 2:45 p.m., 9 views

dtdc.in XSS vulnerability

Vulnerable URL: http://www.dtdc.in/location-finder.asp

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 13822
VIP website status:| Yes
Check dtdc.in SSL connection:| Grade: F...

6.3 AI score
Exploits: 0