Lucene search
+L

173 matches found

CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version v0.10.1, which stems from unverified password reset code that could lead to full account control...

8.1CVSS8.1AI score0.00614EPSS
Exploits1References1
RubySec
RubySec
added 2025/03/03 12:0 a.m.18 views

Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account

In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...

9.8CVSS6.7AI score0.26338EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 11:53 p.m.19 views

CVE-2022-29168

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...

9.6CVSS7.1AI score0.00796EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:53 p.m.25 views

CVE-2022-24799

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

9.6CVSS6.7AI score0.00957EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.10 views

CVE-2020-36713

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'updateuserprofile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delet...

9.8CVSS7.3AI score0.01605EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:38 p.m.5 views

CVE-2024-40638

GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...

8.8CVSS7.9AI score0.36733EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/16 7:30 p.m.10 views

CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...

8.7CVSS8.4AI score0.00487EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/11 10:6 p.m.7 views

CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...

6.2CVSS6AI score0.00447EPSS
Exploits1References2
OSV
OSV
added 2024/12/11 10:6 p.m.10 views

CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...

6.2CVSS5.9AI score0.00447EPSS
Exploits1References4
Trellix
Trellix
added 2024/11/07 12:0 a.m.11 views

New Stealer Uses Invalid Cert To Compromise Systems

New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

7.2AI score
Exploits0
GithubExploit
GithubExploit
added 2024/10/29 9:0 a.m.108 views

Exploit for CVE-2024-53588

iTop-privesc MY FIRST 0-DAY!!! - CVE-2024-53588 A privileg...

7.8CVSS8.2AI score0.00189EPSS
Exploits1
Microsoft KB
Microsoft KB
added 2024/09/10 7:0 a.m.79 views

September 10, 2024—KB5043067 (OS Build 22000.3197)

None None...

9.8CVSS6.8AI score0.70564EPSS
Exploits27
Microsoft KB
Microsoft KB
added 2024/09/10 7:0 a.m.81 views

September 10, 2024—KB5043092 (Security-only update)

None None...

9.8CVSS6.8AI score0.51883EPSS
Exploits3
Microsoft KB
Microsoft KB
added 2024/09/10 7:0 a.m.683 views

September 10, 2024—KB5043051 (OS Build 14393.7336) - EXPIRED

None None...

9.8CVSS6.8AI score0.51883EPSS
Exploits3
Microsoft KB
Microsoft KB
added 2024/08/13 7:0 a.m.814 views

July 9, 2024—KB5040434 (OS Build 14393.7159) - EXPIRED

None None...

9.8CVSS6.8AI score0.51097EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/06/18 1:30 p.m.22 views

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.4 views

Yealink VP59 安全漏洞

YeaLink VP59 is a flagship smart video phone from China-based YeaLink. A security vulnerability exists in the Yealink VP59 Teams Editions version 91.15.0.118, which stems from a flaw that allows an attacker to take control of an account via the factory reset process...

6.8CVSS6.8AI score0.00372EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/25 12:0 a.m.9 views

CVE-2024-30939

An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure...

7.1AI score0.00372EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.6 views

PT-2024-23683 · Yealink · Yealink Vp59 Teams Editions

Name of the Vulnerable Software and Affected Versions: Yealink VP59 Teams Editions version 91.15.0.118 Description: An issue in the factory reset procedure of Yealink VP59 Teams Editions allows a physically proximate attacker to gain control of an account. Recommendations: For Yealink VP59 Teams...

6.8CVSS6.9AI score0.00372EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2024/01/19 7:42 a.m.43 views

Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included ...

7AI score
Exploits0
Rows per page
Query Builder