
127 matches found

NVD
added 2025/01/15 5:15 p.m., 20 views

CVE-2025-20088

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props, which allows a malicious authenticated user to cause a crash via a malicious post...

CVSS 6.5, EPSS 0.0054
Exploits: 0, References: 1
Cvelist
added 2025/01/15 4:49 p.m., 35 views

CVE-2025-20086 Insufficient Input Validation on Post Props

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props, which allows a malicious authenticated user to cause a crash via a malicious post...

CVSS 6.5, EPSS 0.00413
Exploits: 0, References: 1
Vulnrichment
added 2025/01/09 12:00 a.m., 10 views

CVE-2024-56377

A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

CVSS 5.4, AI score 5.5, EPSS 0.00386
Exploits: 1, References: 2
NVD
added 2024/12/16 6:15 a.m., 26 views

CVE-2024-56085

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection...

CVSS 5.9, EPSS 0.00283
Exploits: 0, References: 1
Vulnrichment
added 2024/12/13 9:27 a.m., 6 views

CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text

The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...

CVSS 6.3, AI score 7.2, EPSS 0.00465
Exploits: 0, References: 4
Cvelist
added 2024/05/24 9:47 p.m., 25 views

CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...

AI score 6.4, EPSS 0.00589
Exploits: 0, References: 1
F5 Networks
added 2023/10/10 9:52 a.m., 20 views

K41072952: BIG-IP Appliance mode external monitor vulnerability CVE-2023-43746

Security Advisory Description: When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary...

CVSS 8.7, AI score 8.2, EPSS 0.00435
Exploits: 0, Affected Software: 13
CNNVD
added 2023/05/15 12:00 a.m., 7 views

WordPress plugin WooCommerce Order Status Change Notifier security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.5, AI score 7.3, EPSS 0.00337
Exploits: 2, References: 2
Vulnrichment
added 2023/05/11 12:00 a.m., 12 views

CVE-2023-28357

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...

AI score 4.5, EPSS 0.00412
Exploits: 0, References: 1
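The Rocket.Chat entry above is a check-ordering bug: the command resolved whether the target was a channel member before deciding whether the caller was allowed to issue the command at all, so the error message itself became a membership oracle. The following added example, which is not Rocket.Chat's code, reproduces that ordering next to the fixed one and runs the probe an outsider would use. The channel store, user names (`alice`, `bob`, `mallory`) and function names are all constructed for illustration.

```javascript
// Added example (not Rocket.Chat's code): the order of "is the target a member?"
// and "may the caller do this?" decides whether a private channel's membership
// leaks. The channel store below is constructed sample data.

const channels = {
  'private-finance': {
    private: true,
    members: new Set(['alice', 'bob']),
    moderators: new Set(['alice']),   // users allowed to mute in this channel
  },
};

// Vulnerable ordering: the target's membership is checked first, so a caller
// with no rights in the channel still receives a different error depending on
// whether the target is a member. That difference is the oracle.
function muteVulnerable(caller, channelId, target) {
  const ch = channels[channelId];
  if (!ch) return { ok: false, error: 'no-such-channel' };
  if (!ch.members.has(target)) {
    return { ok: false, error: 'user-not-in-channel' };   // leaks membership
  }
  if (!ch.moderators.has(caller)) {
    return { ok: false, error: 'not-authorized' };
  }
  return { ok: true };
}

// Fixed ordering: authorize the caller before looking at anything the caller
// is not entitled to see. An unauthorized caller gets one generic answer for
// every target, and the same answer for a non-existent channel, so neither
// membership nor channel existence is revealed.
function muteFixed(caller, channelId, target) {
  const ch = channels[channelId];
  if (!ch || !ch.moderators.has(caller)) {
    return { ok: false, error: 'not-authorized' };
  }
  if (!ch.members.has(target)) {
    return { ok: false, error: 'user-not-in-channel' };
  }
  return { ok: true };
}

// The probe an outsider would run: issue the command against a user known to
// be a member and one known not to be. If the two errors differ, membership of
// the private channel can be enumerated one username at a time.
function membershipLeaks(muteFn, outsider, channelId) {
  const forMember = muteFn(outsider, channelId, 'bob').error;
  const forStranger = muteFn(outsider, channelId, 'nobody').error;
  return forMember !== forStranger;
}

console.log('vulnerable leaks:', membershipLeaks(muteVulnerable, 'mallory', 'private-finance')); // true
console.log('fixed leaks:', membershipLeaks(muteFixed, 'mallory', 'private-finance'));           // false
```

The general rule this illustrates: every check that touches data the caller may not be allowed to see (membership lists, object existence, ownership) must come after the authorization decision, and all failures before that decision should collapse into one indistinguishable response. Timing can carry the same oracle, so in real code the authorized and unauthorized paths should also avoid doing noticeably different amounts of work.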
Vulnrichment
added 2023/02/01 5:15 a.m., 5 views

CVE-2022-32482

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

CVSS 5.6, AI score 6.7, EPSS 0.00162
Exploits: 0, References: 1
Vulnrichment
added 2023/01/02 9:49 p.m., 8 views

CVE-2022-4372 Web Invoice <= 2.1.3 - Authenticated SQLi

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...

AI score 7.1, EPSS 0.00983
Exploits: 2, References: 2
Vulnrichment
added 2022/10/17 12:00 a.m., 5 views

CVE-2022-2455

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing ...

CVSS 6.5, AI score 6.2, EPSS 0.00996
Exploits: 0, References: 3
OSV
added 2022/05/24 4:52 p.m., 6 views

GHSA-F8H9-7RPQ-7QCC Magento Filter extension bypass via crafted store configuration keys

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious uploa...

CVSS 7.2, AI score 7, EPSS 0.01584
Exploits: 0, References: 4
PyPA
added 2021/12/06 6:15 p.m., 9 views

PYSEC-2021-838

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...

CVSS 6.4, AI score 7, EPSS 0.00662
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2021/08/10 12:00 a.m., 4 views

NETGEAR R6400 buffer error vulnerability

The NETGEAR R6400 is a wireless router from Netgear, Inc. A security vulnerability exists in NETGEAR R6400 versions prior to 1.0.1.70 that allows an authenticated user to trigger a stack-based buffer overflow...

CVSS 7.2, AI score 7.7, EPSS 0.00805
Exploits: 0, References: 2
Cvelist
added 2020/01/28 10:26 p.m., 33 views

CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. It can be exploited by targeting an authenticated user...

AI score 5.2, EPSS 0.01288
Exploits: 2, References: 3
OSV
added 2018/08/13 5:29 p.m., 4 views

CVE-2018-14850

Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user to inject JavaScript and gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumbnail image...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 3
BDU FSTEC
added 2016/07/05 12:00 a.m., 4 views

A vulnerability in the MySQL database management system allows authenticated users to affect the availability of data.

Software vulnerability in Oracle MySQL, related to a bug in the Partition component. Exploitation of this vulnerability allows an authenticated user to compromise data availability...

CVSS 4, AI score 6.1, EPSS 0.03786
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2012/07/31 10:45 a.m., 8 views

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

AI score 6.1
Exploits: 0, References: 16
ATTACKERKB
added 2010/06/21 7:30 p.m., 2 views

CVE-2010-1958

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name...

CVSS 2.1, AI score 5.7, EPSS 0.00991
Exploits: 0, References: 8