Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-6804

Malware in sbrugna...

7.2CVSS7.1AI score0.02061EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/07 2:50 p.m.6 views

CVE-2025-6804 Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability

Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this...

7.5CVSS0.01256EPSS
Exploits0References1
Circl
Circl
added 2025/06/27 3:0 a.m.7 views

CVE-2025-6804

creationtimestamp| type| source ---|---|--- 2025-06-27 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-453/...

7.5CVSS6.9AI score0.01256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:0 a.m.15 views

CVE-2024-6804

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS5.8AI score0.00366EPSS
Exploits0References1
Circl
Circl
added 2024/08/27 9:52 a.m.8 views

CVE-2024-6804

creationtimestamp| type| source ---|---|--- 2024-08-27 09:52:35+00:00| seen| https://t.me/cvedetector/4230...

6.4CVSS4.8AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2024/08/27 7:15 a.m.4 views

CVE-2024-6804

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/27 6:48 a.m.35 views

CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS0.00366EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/27 6:48 a.m.19 views

CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS5.8AI score0.00366EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/27 12:0 a.m.16 views

WordPress Jeg Elementor Kit Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6804 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5e516b60c2ef Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00366EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/24 8:23 p.m.2 views

Malicious code in wlwz-2312-6804 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e94dcb6dc07a90b9c344a79532d22d3f0f5c4077c06d87919da7b0c489adf0fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/01/24 8:23 p.m.9 views

MAL-2024-786 Malicious code in wlwz-2312-6804 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e94dcb6dc07a90b9c344a79532d22d3f0f5c4077c06d87919da7b0c489adf0fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Circl
Circl
added 2024/01/18 7:7 a.m.8 views

CVE-2023-6804

creationtimestamp| type| source ---|---|--- 2024-01-18 07:07:58+00:00| seen| https://t.me/ctinow/169594...

6.5CVSS5.5AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/12/21 9:15 p.m.27 views

CVE-2023-6804

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.1...

6.5CVSS0.00204EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/21 8:45 p.m.27 views

CVE-2023-6804 Improper Privilege Management allows for arbitrary workflows to be run

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.1...

6.5CVSS6.8AI score0.00204EPSS
Exploits0References4
CVE
CVE
added 2023/12/21 8:45 p.m.38 views

CVE-2023-6804

CVE-2023-6804 (GitHub Enterprise Server) : Improper privilege management allows arbitrary workflows to be committed and run using an improperly scoped Personal Access Token, provided a workflow already exists in the target repo. Affected: GitHub Enterprise Server versions 3.8–3.11.x (before fixes...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/02/28 11:15 p.m.21 views

CVE-2020-6804

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system...

6.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2020/02/28 10:38 p.m.122 views

CVE-2020-6804

CVE-2020-6804 is a reflected XSS in Mozilla WebThings Gateway. The vulnerability allows crafted URLs to steal a user’s authentication token via the gateway interface. When paired with CVE-2020-6803 (open redirect on the gateway login page), an attacker could fully compromise the system. The provi...

8.8CVSS5.9AI score0.00749EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/01/29 12:0 a.m.78 views

Rundeck Community Edition Cross Site Scripting

Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prin...

4.3CVSS6.3AI score0.05315EPSS
Exploits5
0day.today
0day.today
added 2019/01/28 12:0 a.m.63 views

Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...

4.3CVSS6.3AI score0.05315EPSS
Exploits5
exploitpack
exploitpack
added 2019/01/28 12:0 a.m.50 views

Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting

Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...

4.3CVSS6.1AI score0.05315EPSS
Exploits5
Rows per page
Query Builder