48 matches found

NVD
added 2025/03/10 4:15 p.m., 14 views

CVE-2025-25382

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...

CVSS 7.5, EPSS 0.00303
Exploits: 1, References: 2

CNNVD
added 2025/03/10 12:0 a.m., 2 views

Information Kerala Mission SANCHAYA security vulnerability

Information Kerala Mission SANCHAYA is a web-based application of the Information Kerala Mission Government of India department through which citizens can check their tax dues. A security vulnerability exists in Information Kerala Mission SANCHAYA v3.0.4. An attacker can exploit the vulnerability...

CVSS 7.5, AI score 6.5, EPSS 0.00303
Exploits: 1, References: 1

Cvelist
added 2025/03/10 12:0 a.m., 16 views

CVE-2025-25382

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...

EPSS 0.00303
Exploits: 1, References: 2

Vulnrichment
added 2024/10/09 12:0 a.m., 14 views

CVE-2024-46307

A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...

AI score 6.8, EPSS 0.00526
Exploits: 1, References: 3

Vulnrichment
added 2023/11/29 12:0 a.m., 16 views

CVE-2023-46886

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...

AI score 6.9, EPSS 0.00992
Exploits: 1, References: 1

Cvelist
added 2023/11/29 12:0 a.m., 18 views

CVE-2023-46886

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...

AI score 9.4, EPSS 0.00992
Exploits: 1, References: 1

Vulnrichment
added 2023/11/14 12:0 a.m., 13 views

CVE-2023-43901

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...

AI score 7, EPSS 0.00464
Exploits: 1, References: 1

Cvelist
added 2023/11/14 12:0 a.m., 14 views

CVE-2023-43901

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user...

AI score 6, EPSS 0.00464
Exploits: 1, References: 1

NVD
added 2023/03/27 10:15 p.m., 27 views

CVE-2022-48359

The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality...

CVSS 7.5, AI score 7.6, EPSS 0.00466
Exploits: 0, References: 2

Prion
added 2023/03/27 10:15 p.m., 18 views

Code injection

The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality...

CVSS 5, AI score 7.6, EPSS 0.00466
Exploits: 0, References: 2, Affected Software: 2

Prion
added 2022/10/19 2:15 a.m., 18 views

Design/Logic Flaw

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

CVSS 5, AI score 7.5, EPSS 0.00668
Exploits: 0, References: 2, Affected Software: 1

Hacker One
added 2022/09/19 1:22 a.m., 46 views

U.S. Dept Of Defense: AWS Credentials Disclosure at ███

Sensitive AWS credentials were disclosed through a config.json file found on a server. An attacker could have used these credentials to gain access to sensitive information on the AWS account or perform arbitrary modifications on AWS resources. The affected system host was not disclosed. No CVE...

AI score 7.1
Exploits: 0

Code423n4
added 2022/06/19 12:0 a.m., 11 views

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

Lines of code Vulnerability details function matchOneToOneOrders OrderTypes.MakerOrder calldata makerOrders1, OrderTypes.MakerOrder calldata makerOrders2 external uint256 startGas = gasleft; uint256 numMakerOrders = makerOrders1.length; requiremsg.sender == MATCHEXECUTOR, 'OME';...

AI score 6.7
Exploits: 0

CNVD
added 2022/06/01 12:0 a.m., 13 views

WordPress Content Mask plugin has an unspecified vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...

CVSS 4.3, AI score 2.3, EPSS 0.01052
Exploits: 3, References: 1

Tenable Nessus
added 2022/02/07 12:0 a.m., 21 views

Schneider Electric Modicon M221 PLCs and SoMachine Basic Protection Mechanism Failure (CVE-2017-7575)

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...

CVSS 9.8, AI score 7.4, EPSS 0.03981
Exploits: 1, References: 5

CNNVD
added 2022/02/07 12:0 a.m., 4 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to arbitrarily modify and set system properties...

CVSS 10, AI score 5.7, EPSS 0.00553
Exploits: 0, References: 3

NVD
added 2021/06/24 4:15 p.m., 15 views

CVE-2021-33346

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...

CVSS 9.8, EPSS 0.01223
Exploits: 1, References: 2

OpenVAS
added 2021/01/11 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-4679-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2, AI score 6.8, EPSS 0.01026
Exploits: 4, References: 2

CNVD
added 2020/01/11 12:0 a.m., 1 views

Logic flaw vulnerability in ejucms Ar***.php file

EJU real estate system ejucms is a localized O2O real estate website platform system. The ejucms Ar.php file has a logic flaw vulnerability; attackers can exploit the vulnerability to arbitrarily modify the listing information...

AI score 6.7
Exploits: 0

Prion
added 2020/01/09 10:15 p.m., 24 views

Design/Logic Flaw

Samsung Kies before 2.5.0.120942711 has arbitrary directory modification...

CVSS 5, AI score 7.1, EPSS 0.04989
Exploits: 3, References: 3, Affected Software: 1