CVE-2025-31144

Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running...

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

BELL-CVE-2022-31144 CVE-2022-31144 does not affect BellSoft software

Bulletin has no description...

CVE-2023-31144 Craft CMS vulnerable to cross site scripting in RSS feed widget

Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4...

CVE-2023-31144 Craft CMS vulnerable to cross site scripting in RSS feed widget

Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4...

CVE-2023-31144

CVE-2023-31144 affects Craft CMS RSS/feed widget title handling. A malformed title can deliver a cross-site scripting payload. Affected versions are 3.0.0–3.8.3 and 4.0.0–4.4.3; the issue is fixed in 3.8.4 and 4.4.4. Public references from Craft CMS advisories and GitHub GHSA confirm the XSS, wit...

CVE-2022-31144 affecting package redis 6.2.7-1

CVE-2022-31144 affecting package redis 6.2.7-1. This CVE either no longer is or was never applicable...

CVE-2022-31144 affecting package redis for versions less than 6.2.9-1

CVE-2022-31144 affecting package redis for versions less than 6.2.9-1. This CVE either no longer is or was never applicable...

CVE-2022-31144

creationtimestamp| type| source ---|---|--- 2022-07-20 00:41:09+00:00| seen| https://t.me/cibsecurity/46594 2025-04-23 18:05:28+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13093...

UBUNTU-CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

CVE-2022-31144

Summary: CVE-2022-31144 is a Redis heap overflow issue triggered by a crafted XAUTOCLAIM on a stream key in certain states. Affects Redis 7.x before 7.0.4. The fix is included in Redis 7.0.4. Several connected sources (Astra Linux, Alpine Linux, Debian, Gentoo GLSA, etc.) reference the same vulne...

FreeBSD : redis -- Potential remote code execution vulnerability (871d93f9-06aa-11ed-8d5f-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 871d93f9-06aa-11ed-8d5f-080027f5fec9 advisory. - The Redis core team reports: A specially crafted XAUTOCLAIM command on a stream key in a specific sta...

CVE-2021-31144

...

CVE-2021-31144

CVE-2021-31144 entry is rejected/not used and does not represent an active vulnerability.

WordPress raygun4wp plugin cross-site scripting vulnerability (CNVD-2019-31144)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. raygun4wp is a website monitoring plugin used in it. A cross-site scripting vulnerability exists in the WordPress...