Lucene search
+L

94 matches found

cvelist
cvelist
added 2024/07/19 12:0 a.m.35 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful...

0.00211EPSS
Exploits1References1
nessus
nessus
added 2024/03/26 12:0 a.m.43 views

Fedora 39 : w3m (2024-3fc66f8bf3)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3fc66f8bf3 advisory. - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 2222775, 2222780, 2255207...

7.8CVSS6.7AI score0.00441EPSS
Exploits4References5
attackerkb
attackerkb
added 2023/12/21 4:15 p.m.2 views

CVE-2023-4255

An out-of-bounds write issue has been discovered in the backspace handling of the checkType function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes,...

5.5CVSS6.7AI score0.00322EPSS
Exploits2References8
cnnvd
cnnvd
added 2023/12/21 12:0 a.m.5 views

w3m Security Vulnerabilities

w3m is a WWW-enabled pager from the personal developer Tatsuya Kinoshita. A security vulnerability exists in W3M, which stems from an out-of-bounds write issue found in the checkType function's backspace handling in etc.c. The vulnerability can be triggered by supplying a specially crafted HTML...

5.5CVSS6.7AI score0.00322EPSS
Exploits2References9
cvelist
cvelist
added 2023/10/19 12:0 a.m.14 views

CVE-2023-45281

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...

6.3AI score0.00413EPSS
Exploits1References1
osv
osv
added 2023/10/19 12:0 a.m.19 views

CVE-2023-45281

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...

6.1CVSS6.8AI score0.00413EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2023/09/16 12:0 a.m.34 views

CVE-2023-39612

A cross-site scripting XSS vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL...

5.6AI score0.00725EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2023/08/31 12:0 a.m.10 views

CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

7.6AI score0.01066EPSS
Exploits1References2
cvelist
cvelist
added 2023/08/31 12:0 a.m.31 views

CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

9.7AI score0.01066EPSS
Exploits1References2
github
github
added 2023/08/11 3:30 p.m.18 views

xuxueli xxl-job Cross-Site Request Forgery Vulnerability

Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...

8.8CVSS8.1AI score0.00444EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/08/11 3:30 p.m.49 views

GHSA-JP5R-4X9Q-4VCF xuxueli xxl-job Cross-Site Request Forgery Vulnerability

Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...

8.8CVSS9.1AI score0.00444EPSS
Exploits1References3
nvd
nvd
added 2023/08/11 2:15 p.m.20 views

CVE-2020-24922

Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...

8.8CVSS9.1AI score0.00444EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/07/19 12:0 a.m.12 views

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

7.5AI score0.00427EPSS
Exploits1References2
cvelist
cvelist
added 2023/07/19 12:0 a.m.20 views

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

6.7AI score0.00427EPSS
Exploits1References2
nvd
nvd
added 2023/07/14 6:15 p.m.16 views

CVE-2023-38253

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

5.5CVSS0.00361EPSS
Exploits1References6
prion
prion
added 2023/07/14 6:15 p.m.29 views

Design/Logic Flaw

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

1.9CVSS5.1AI score0.00361EPSS
Exploits1References3Affected Software4
ubuntucve
ubuntucve
added 2023/07/14 6:15 p.m.27 views

CVE-2023-38253

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

5.5CVSS6.7AI score0.00361EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2023/07/14 6:15 p.m.350 views

CVE-2023-38252

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

5.5CVSS6.7AI score0.00361EPSS
Exploits1References2
cvelist
cvelist
added 2023/07/14 5:7 p.m.36 views

CVE-2023-38253 W3m: out of bounds read in growbuf_to_str() at w3m/indep.c

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

4.7CVSS5.5AI score0.00361EPSS
Exploits1References6
osv
osv
added 2023/07/14 5:6 p.m.27 views

CVE-2023-38252 W3m: out of bounds read in strnew_size() at w3m/str.c

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

4.7CVSS6.6AI score0.00361EPSS
Exploits1References9
Rows per page
Query Builder