Lucene search
K

55 matches found

OSV
OSV
added 2025/05/08 12:31 a.m.11 views

GHSA-7VRX-9684-XRF2 Craft CMS stores arbitrary content provided by unauthenticated users in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.2AI score0.01174EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-27833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tv...

8.8CVSS7.1AI score0.00819EPSS
Exploits0References4
Veracode
Veracode
added 2024/12/04 8:5 a.m.5 views

Arbitrary Code Execution

Ansible-Core is vulnerable to Arbitrary Code Execution. The vulnerability is due to attackers bypassing unsafe content protections by using the hostvars object to reference and execute templated content, potentially leading to code execution if remote data or module outputs are improperly templat...

5.5CVSS5.9AI score0.00502EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2024/08/19 9:49 p.m.16 views

GHSA-F963-4CQ8-2GW7 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them

Impact A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit...

9.4CVSS8.6AI score0.00639EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2024/08/19 9:49 p.m.22 views

In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them

Impact A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit...

9CVSS6.7AI score0.00639EPSS
Exploits0References15Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/19 4:24 p.m.26 views

CVE-2024-43401 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned...

9CVSS7.1AI score0.00639EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/11/16 12:0 a.m.42 views

Oracle Linux 9 : webkit2gtk3 (ELSA-2023-6535)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6535 advisory. 2.40.5-1 - Update to 2.40.5 Related: 2176270 2.40.4-1 - Update to 2.40.4 Related: 2176270 2.40.3-2 - Disable JIT Related: 2176270 2.40.3-1 - Update to...

9.8CVSS7.1AI score0.01521EPSS
Exploits0References19
NVD
NVD
added 2023/11/07 7:15 p.m.43 views

CVE-2023-46242

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have programming privileges in order to exploit this vulnerability. This issue...

9.6CVSS0.00381EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.8 views

XWiki Rendering Security Vulnerability

XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax wiki syntax, HTML, etc. to another syntax XHTML, etc.. A security vulnerability exists in XWiki Rendering that stems from a footnote macro executing its contents in possibl...

9.9CVSS6.8AI score0.01247EPSS
Exploits1References4
NVD
NVD
added 2023/07/27 1:15 a.m.29 views

CVE-2023-38611

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution...

8.8CVSS8.8AI score0.0115EPSS
Exploits0References10
OSV
OSV
added 2023/07/27 12:15 a.m.2 views

UBUNTU-CVE-2023-38597

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution...

8.8CVSS7.4AI score0.01102EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.5 views

XWiki Platform 安全漏洞

XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from the ability to execute any wiki content by creating a prompt UI extension...

9.9CVSS8AI score0.6312EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.7 views

PT-2023-25177 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.5 XWiki Platform versions prior to 15.1-rc-1 Description: The issue allows execution of any wiki content with the rights of the TipsPanel author by creating a tip UI extension. This can be achieved by...

9.9CVSS8.6AI score0.6312EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2022/04/08 12:0 a.m.31 views

CVE-2022-22628

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.01065EPSS
Exploits0References3
OSV
OSV
added 2022/03/18 6:15 p.m.4 views

DEBIAN-CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.01451EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/03/26 12:0 a.m.41 views

CVE-2020-27918

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary...

7.8CVSS6.8AI score0.01361EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.8 views

Xwiki Platform 注入漏洞

Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to an injection vulnerability that originates from the author of a wiki macro executing content with the privileges of the author of the wiki macro, rather tha...

7.7CVSS5.6AI score0.00459EPSS
Exploits0References3
OSV
OSV
added 2020/11/24 12:0 a.m.4 views

UBUNTU-CVE-2020-9951

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7AI score0.02333EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2020/04/28 12:0 a.m.43 views

[ASA-202004-23] webkit2gtk: arbitrary code execution

Arch Linux Security Advisory ASA-202004-23 ========================================== Severity: Critical Date : 2020-04-28 CVE-ID : CVE-2020-3899 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1144 Summary ======= The package webkit2gtk...

9.3CVSS2.3AI score0.04017EPSS
Exploits0References4
OSV
OSV
added 2019/12/18 6:15 p.m.2 views

DEBIAN-CVE-2019-8743

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.1AI score0.01558EPSS
Exploits0References1
Rows per page
Query Builder