
145 matches found

OSV
added 2022/02/06 9:15 p.m. · 7 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

CVSS 9.8 · AI score 7.3 · EPSS 0.01306
Exploits 0 · References 1
CNNVD
added 2021/10/19 12:00 a.m. · 5 views

Google Chrome Resource Management Error Vulnerability

Chrome is a web browsing tool developed by Google. A use-after-free vulnerability exists in the Network API in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 5.7 · EPSS 0.00827
Exploits 0 · References 13
Vulnrichment
added 2021/09/02 4:53 p.m. · 7 views

CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked f...

CVSS 7.1 · AI score 6.9 · EPSS 0.01341
Exploits 2 · References 1
OSV
added 2021/04/29 6:15 p.m. · 4 views

CVE-2021-1369

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...

CVSS 5.4 · AI score 5.8 · EPSS 0.0098
Exploits 0 · References 1
BDU FSTEC
added 2021/02/02 12:00 a.m. · 6 views

The vulnerability in the API for searching extensions of the WebExtensions framework in the Mozilla Firefox browser allows a hacker to gain unauthorized access to protected information.

The vulnerability of the API for searching WebExtensions extensions in the Mozilla Firefox browser is related to an execution error when searching certain privileged pages, such as “about:debugging”. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protect...

CVSS 7.1 · AI score 7.3 · EPSS 0.01489
Exploits 0 · References 6 · Affected Software 2
CNNVD
added 2020/12/08 12:00 a.m. · 7 views

Systran Pure Neural Server Resource Management Error Vulnerability

Systran Pure Neural Server is a web platform product for document translation from Systran, Germany. A security vulnerability exists in Systran Pure Neural Server prior to version 9.7.0 that stems from an API call in the Translation API function Systran Pure Neural Server prior to 9.7.0 that allo...

CVSS 7.5 · AI score 7.1 · EPSS 0.01177
Exploits 1 · References 3
ThreatPost
added 2020/10/20 10:48 a.m. · 42 views

Google’s Waze Can Allow Hackers to Identify and Track Users

A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track...

AI score 1.5
Exploits 0 · References 8
RedHat Linux
added 2020/09/15 6:30 p.m. · 4 views

mysql: Server: C API unspecified vulnerability (CPU Oct 2019)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: C API. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 5.3 · AI score 7.3 · EPSS 0.02226
Exploits 0 · References 5
HackRead
added 2020/08/25 7:10 p.m. · 80 views

Flaw in Safari browser’s API implementation lets user files be stolen

By Sudais Asif. Being one of the major web browsers, the Safari browser gets its fair share of scrutiny from cybersecurity professionals. This is a post from HackRead.com. Read the original post: Flaw in Safari browser’s API implementation lets user files be stolen...

AI score 2.8
Exploits 0
OSV
added 2020/07/15 6:15 p.m. · 1 view

UBUNTU-CVE-2020-14550

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

CVSS 5.3 · AI score 6.7 · EPSS 0.02221
Exploits 0 · References 4
NVD
added 2020/04/22 9:15 p.m. · 19 views

CVE-2020-10890

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 8.1 · EPSS 0.0217
Exploits 0 · References 2
Cvelist
added 2020/04/22 8:50 p.m. · 23 views

CVE-2020-10890

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 8.8 · EPSS 0.0217
Exploits 0 · References 2
The Hacker News
added 2020/02/04 10:43 a.m. · 7 views

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to determine, without authorization, the phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it...

AI score 5.7
Exploits 0
IBM Security Bulletins
added 2019/11/22 6:37 p.m. · 15 views

Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender

Summary There are vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 and 8, IBM SDK, Java Technology Edition Version 8 and Eclipse Open J9 that affect IBM Transformation Extender. Vulnerability Details CVEID: CVE-2018-1890 Description: On the AIX platform, the IBM Jav...

CVSS 9.8 · AI score 0.8 · EPSS 0.37618
Exploits 1 · Affected Software 1
Positive Technologies
added 2019/09/11 12:00 a.m. · 13 views

PT-2019-5224 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...

CVSS 9.8 · AI score 6.7 · EPSS 0.4375
Exploits 16 · References 76
IBM Security Bulletins
added 2019/06/05 2:15 p.m. · 52 views

Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities

Summary IBM MessageSight has addressed the following Java vulnerabilities: CVE-2019-2698: An attacker can use a maliciously crafted font to exploit a flaw in the JDK's font parsing code CVE-2019-2697: An attacker can use a maliciously crafted font to exploit a flaw in the JDK's font parsing code...

CVSS 8.1 · AI score 1.4 · EPSS 0.12013
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2019/05/17 5:10 a.m. · 22 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. These issues have been addressed in IBM Java SDK updates in Apr...

CVSS 9 · AI score 0.4 · EPSS 0.37618
Exploits 2 · Affected Software 3
Pen Test Partners Blog
added 2019/04/15 7:21 a.m. · 124 views

Tic Toc Pwned

We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That’s the tracker watch which leaked real-time kids’ position data to anyone; it also allowed anyone to silently listen to children through the watch...

AI score 7
Exploits 0
OSV
added 2018/12/20 3:29 p.m. · 4 views

CVE-2018-1000829

Anyplace version before commit 80359b4 contains an XML External Entity (XXE) vulnerability in the map API call (man in the middle) that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This vulnerability appears to have been fixed after commit 80359b4...

CVSS 9 · AI score 5.8
Exploits 0 · References 2
The Hacker News
added 2018/12/10 9:02 p.m. · 116 views

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security...

AI score 1.8
Exploits 0