67 matches found

GithubExploit
added 2025/04/15 11:3 p.m. · 80 views

Exploit for CVE-2025-29278

CVE-2025-29278 Proof of Concept (PoC): In the Diagnostics tab,...

8.3 AI score
Exploits 0

CNNVD
added 2024/10/21 12:0 a.m. · 5 views

Mitel MiCollab Security Vulnerability

Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 9.8.1.201 and prior versions, which stems from insufficient encoding of...

6.5 CVSS · 6.8 AI score · 0.00327 EPSS
Exploits 0 · References 2

OSV
added 2024/04/16 6:15 a.m. · 5 views

DEBIAN-CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...

8.1 CVSS · 6.5 AI score · 0.01191 EPSS
Exploits 2 · References 1

Positive Technologies
added 2024/02/23 12:0 a.m. · 4 views

PT-2024-18340 · Unknown · Codeastro House Rental Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro House Rental Management System version 1.0
Description: A problematic issue was found in the User Registration Page component, allowing for cross-site scripting through the manipulation of the address argument with malicious input,...

6.1 CVSS · 6.4 AI score · 0.00484 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/01/07 12:0 a.m. · 6 views

PT-2024-15444 · Unknown · Kashipara Food Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Food Management System version 1.0
Description: A vulnerability was found in the processing of the file party submit.php, where the manipulation of the party address argument leads to cross-site scripting. The attack may be initiate...

6.1 CVSS · 6.6 AI score · 0.00542 EPSS
Exploits 1 · References 7

Positive Technologies
added 2023/10/31 12:0 a.m. · 5 views

PT-2023-29263 · Unknown · Online Blood Donation Management System

Name of the Vulnerable Software and Affected Versions: Online Blood Donation Management System version 1.0
Description: The issue concerns multiple Stored Cross-Site Scripting vulnerabilities. The address parameter of the "users/register.php" endpoint is vulnerable, as its input is copied into the...

6.3 AI score
Exploits 0 · References 4

OSV
added 2023/10/26 5:15 p.m. · 3 views

CVE-2023-5789

A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input leads to cross site scripting. It is possible to launch the attack remotel...

4.8 CVSS · 3.8 AI score · 0.00502 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/10/26 12:0 a.m. · 5 views

PT-2023-32327 · Unknown · Dragon Path 707Gr1

Name of the Vulnerable Software and Affected Versions: Dragon Path 707GR1 up to 20231022
Description: A vulnerability has been found in the Ping Diagnostics component of Dragon Path 707GR1. The issue arises from the manipulation of the Host Address argument with a specific input, , leading to...

4.8 CVSS · 3.8 AI score · 0.00502 EPSS
Exploits 1 · References 7

OSV
added 2023/03/22 3:2 p.m. · 5 views

USN-5968-1 python-git vulnerability

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...

9.8 CVSS · 7.3 AI score · 0.05378 EPSS
Exploits 1 · References 2

CNNVD
added 2023/01/07 12:0 a.m. · 2 views

Event Management System Cross-Site Scripting Vulnerability

Event Management System is an event management system. A cross-site scripting (XSS) vulnerability exists in SourceCodester Royale Event Management System version 1.0, which originates from an unknown function in the file /royalevent/companyprofile.php, where manipulation of the parameters...

6.1 CVSS · 3.9 AI score · 0.00657 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2022/01/10 12:0 a.m. · 6 views

The vulnerability of the Google Chrome web app installer allows a hacker to manipulate the URL input by using a specially created HTML page.

The vulnerability of the Google Chrome WebApp installer is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to manipulate the URL input using a specially created HTML page...

6.5 CVSS · 6.9 AI score · 0.00784 EPSS
Exploits 0 · References 8 · Affected Software 7

BDU FSTEC
added 2021/12/20 12:0 a.m. · 5 views

The vulnerability of the PING function implementation in TP-Link’s microprogrammed router TL-WR840N EU v5 allows a hacker to execute arbitrary code.

The vulnerability of the PING function implementation in TP-Link’s microprogrammed router TL-WR840N EU v5 is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by submitting a payload into the IP address input field...

10 CVSS · 8.5 AI score · 0.7747 EPSS
Exploits 1 · References 5

NVD
added 2021/11/13 3:15 p.m. · 26 views

CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

10 CVSS · 0.7747 EPSS
Exploits 1 · References 3

OSV
added 2021/11/13 3:15 p.m. · 2 views

CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

9.8 CVSS · 6.3 AI score · 0.7747 EPSS
Exploits 1 · References 3

Prion
added 2021/11/13 3:15 p.m. · 26 views

Remote code execution

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

10 CVSS · 9.5 AI score · 0.7747 EPSS
Exploits 1 · References 3 · Affected Software 1

ATTACKERKB
added 2021/11/13 3:15 p.m. · 105 views

CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

10 CVSS · 8.1 AI score · 0.7747 EPSS
In wild · Exploits 1 · References 5

CNNVD
added 2021/08/02 12:0 a.m. · 5 views

WordPress Plugin RSVPMaker Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

4 CVSS · 5.2 AI score · 0.01012 EPSS
Exploits 2 · References 3

Code423n4
added 2021/05/19 12:0 a.m. · 12 views

Lack of address input validation will lock tokens in contract

Handle: 0xRajeev. Vulnerability details. Impact: Functions timeLockERC721 and timeLockERC20 are used by the vault owner to timelock tokens in the vault with a specified recipient address as the only one with the right to withdraw after timelock expiry. If a zero/incorrect recipient address is used he...

6.8 AI score
Exploits 0

RedHat Linux
added 2020/09/08 10:6 a.m. · 4 views

php: Information disclosure in function get_headers

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

5.3 CVSS · 7.3 AI score · 0.02767 EPSS
Exploits 1 · References 5

OSV
added 2020/08/25 8:15 a.m. · 5 views

CVE-2020-17384

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...

7.2 CVSS · 7.3 AI score · 0.01927 EPSS
Exploits 0 · References 1