Lucene search
K

337 matches found

RedHat Linux
RedHat Linux
added 2024/12/03 4:21 p.m.2 views

python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

7.5CVSS7.3AI score0.02659EPSS
Exploits1References5
NVD
NVD
added 2024/11/13 5:15 a.m.13 views

CVE-2024-21541

Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...

9.8CVSS0.01052EPSS
Exploits1References3
CVE
CVE
added 2024/11/13 5:0 a.m.84 views

CVE-2024-21541

CVE-2024-21541 affects the npm package dom-iterator prior to version 1.0.1 . The vulnerability stems from use of the Function constructor without complete input sanitization, allowing an attacker-controlled input to generate a new function body, with risks similar to eval. This is corroborated by...

9.8CVSS8.6AI score0.01052EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/11/05 7:15 p.m.12 views

CVE-2024-49773

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...

6.5CVSS0.00299EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 6:35 p.m.13 views

CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...

5.3CVSS7.7AI score0.00299EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/05 6:35 p.m.19 views

CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...

5.3CVSS0.00299EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 6:35 p.m.55 views

CVE-2024-49773

SuiteCRM vulnerability CVE-2024-49773 involves poor input validation in the export functionality, where the authenticated user can abuse the current_post parameter to perform blind SQL injection via generateSearchWhere(), leading to potential information disclosure of personally identifiable info...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/27 12:0 a.m.18 views

RHEL OpenPrinting cups-filters (RHSB-2024:002)

Binary data redhat-RHSB-2024-002.nbin...

9.8CVSS7.5AI score0.76959EPSS
Exploits17References6
NVD
NVD
added 2024/09/26 10:15 p.m.29 views

CVE-2024-47175

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can...

9.8CVSS0.62474EPSS
Exploits6References11
OSV
OSV
added 2024/09/26 9:18 p.m.34 views

CVE-2024-47175 libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can...

8.6CVSS7.8AI score0.62474EPSS
Exploits6References13
CVE
CVE
added 2024/09/26 9:18 p.m.340 views

CVE-2024-47175

CVE-2024-47175 affects CUPS via libppd, where ppdCreatePPDFromIPP2 does not sanitize IPP attributes when building the PPD buffer. When used with functions such as cfGetPrinterAttributes5, attacker-controlled input can lead to code execution through Foomatic, contributing to an exploit chain descr...

9.8CVSS7.7AI score0.62474EPSS
Exploits6References11Affected Software1
CVE
CVE
added 2024/09/10 4:26 a.m.43 views

CVE-2024-44120

The CVE-2024-44120 entry concerns SAP NetWeaver Enterprise Portal, a SAP NetWeaver front-end component. It describes a reflected cross-site scripting (XSS) vulnerability caused by insufficient encoding of user-controlled input. An unauthenticated attacker can craft a malicious URL and entice a us...

4.7CVSS4.5AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/10 4:26 a.m.13 views

CVE-2024-44120 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the...

4.7CVSS0.00235EPSS
Exploits0References2
Atlassian
Atlassian
added 2024/09/09 12:9 p.m.18 views

Risky Deserialization Calls - benryanconversion ( Office Connector Plugin)

The benryanconversion plugin contains a code path that eventually ends up with a partially user-controlled filename being treated as the input for a call to readObject see FileBackedCache.loadFile. To trigger this, an attacker would need to call the following, with a payload in the sheetName...

7.3AI score
Exploits0Affected Software1
NVD
NVD
added 2024/09/05 1:15 p.m.24 views

CVE-2024-8473

Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through useremail parameter in /jobportal/admin/login.php...

6.3CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2024/09/05 1:15 p.m.30 views

CVE-2024-8471

Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...

6.3CVSS0.00239EPSS
Exploits0References1
NVD
NVD
added 2024/06/27 7:15 p.m.17 views

CVE-2024-5936

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

6.1CVSS0.28925EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/27 6:45 p.m.28 views

CVE-2024-5936 Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

4.3CVSS0.28925EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/27 6:45 p.m.12 views

CVE-2024-5936 Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

4.3CVSS7AI score0.28925EPSS
Exploits1References1
OSV
OSV
added 2024/06/27 6:45 p.m.3 views

CVE-2024-5936 Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

4.3CVSS6AI score0.28925EPSS
Exploits1References3
Rows per page
Query Builder