
2125 matches found

Kaspersky
added 2024/01/09 12:0 a.m. · 94 views

KLA62824 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, execute arbitrary code. Below is a...

8.8 CVSS · 9.2 AI score · 0.22773 EPSS
Exploits 2 · References 35

BDU FSTEC
added 2023/12/11 12:0 a.m. · 6 views

The vulnerability of the TXOne StellarOne centralized control panel of the TXOne StellarProtect industrial protection system, related to access control deficiencies, allows attackers to increase their privileges.

The vulnerability of the TXOne StellarOne centralized control panel of the TXOne StellarProtect industrial protection device is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

8.7 CVSS · 7.5 AI score · 0.00993 EPSS
Exploits 0 · References 5 · Affected Software 1

Citrix
added 2023/11/30 12:0 a.m. · 6 views

Citrix published applications being displayed in control panel on the VDA as "delivered by citrix"

Citrix published applications being displayed in control panel on the VDA as "delivered by citrix"...

7.1 AI score
Exploits 0

OSV
added 2023/11/22 8:55 p.m. · 29 views

GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets

Impact: HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches: It has been patched on 3.4.15 and 4.36.0...

7.5 CVSS · 6.7 AI score · 0.007 EPSS
Exploits 0 · References 5

Github Security Blog
added 2023/11/22 8:55 p.m. · 26 views

Cross-site Scripting via uploaded assets

Impact: HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches: It has been patched on 3.4.15 and 4.36.0...

7.5 CVSS · 7.2 AI score · 0.007 EPSS
Exploits 0 · References 5 · Affected Software 1

Prion
added 2023/11/21 11:15 p.m. · 16 views

Authentication flaw

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

5.8 CVSS · 6.9 AI score · 0.007 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/11/21 10:34 p.m. · 45 views

CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

7.5 CVSS · 7.6 AI score · 0.007 EPSS
Exploits 0 · References 3

Veracode
added 2023/11/15 7:10 a.m. · 23 views

Remote Code Execution (RCE)

statamic/cms is vulnerable to Remote Code Execution (RCE). This vulnerability impacts both front-end forms employing the Forms feature and asset upload fields in the control panel. Malicious actors can exploit this loophole to introduce and execute arbitrary code via uploading image files...

8.8 CVSS · 8.6 AI score · 0.01104 EPSS
Exploits 0 · References 8 · Affected Software 1

NVD
added 2023/11/14 10:15 p.m. · 21 views

CVE-2023-48217

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

8.8 CVSS · 0.01104 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/11/14 9:38 p.m. · 12 views

CVE-2023-48217 Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

8.8 CVSS · 6.9 AI score · 0.01104 EPSS
Exploits 0 · References 2

Kaspersky
added 2023/11/14 12:0 a.m. · 128 views

KLA61975 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...

9.8 CVSS · 10 AI score · 0.88196 EPSS
Exploits 8 · References 49

VulnCheck KEV
added 2023/11/13 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-36642

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access user credentials, which enables them to gain initial access to the control panel with high privilege because the cleartext storage of sensitive...

9.8 CVSS · 7.3 AI score · 0.09044 EPSS
Exploits 1 · References 1

Github Security Blog
added 2023/11/12 3:57 p.m. · 34 views

Statamic CMS remote code execution via front-end form uploads

Impact: On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. Patches: It has been patched i...

9.8 CVSS · 7.2 AI score · 0.01121 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2023/11/10 6:48 p.m. · 42 views

CVE-2023-47129 Statamic CMS remote code execution via front-end form uploads

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...

8.3 CVSS · 9.7 AI score · 0.01121 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/11/02 12:0 a.m. · 7 views

PT-2023-25636 · Unknown · Boomerang Parental Control

Name of the Vulnerable Software and Affected Versions: Boomerang Parental Control application versions prior to 13.83 for Android. Description: An issue was discovered in the Boomerang Parental Control application where the app is missing the android:allowBackup="false" attribute in the manifest...

4.6 CVSS · 7 AI score · 0.00534 EPSS
Exploits 2 · References 10

CNNVD
added 2023/10/25 12:0 a.m. · 3 views

Bosch ctrlX HMI Web Panel WR21 Trust Management Issue Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in Bosch ctrlX HMI Web Panel WR21 that originates from allowing an unprivileged attacker to modify the server settings of the Android Agent application, thereby inducing it to connect to a malicious...

7.8 CVSS · 6.7 AI score · 0.00199 EPSS
Exploits 0 · References 2

OSV
added 2023/10/13 12:24 p.m. · 12 views

CVE-2023-4517 Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6...

3.2 CVSS · 4.3 AI score · 0.00401 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/10/11 12:0 a.m. · 4 views

The vulnerability of the application programming interface of the libcue library allows a hacker to execute arbitrary code.

The vulnerability of the libcue library’s application programming interface is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by loading the control panel from a malicious web page...

10 CVSS · 8.7 AI score · 0.1657 EPSS
Exploits 1 · References 11 · Affected Software 7

OSV
added 2023/10/10 9:15 a.m. · 2 views

CVE-2023-44259

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin = 2.10.2 versions...

8.8 CVSS · 7.3 AI score · 0.00227 EPSS
Exploits 0 · References 1

NVD
added 2023/10/10 9:15 a.m. · 11 views

CVE-2023-44259

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin = 2.10.2 versions...

8.8 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 1