
682 matches found

Vulnrichment
added 2024/06/24 12:0 a.m. | 15 views

CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter...

7.2 AI score | 0.00372 EPSS
Exploits: 1 | References: 1

CVE
added 2024/06/24 12:0 a.m. | 42 views

CVE-2024-37678

CVE-2024-37678 describes a Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v8.0 and earlier. The flaw allows a remote attacker to execute arbitrary code via a crafted script. The affected product is Finesoft (version 8.0 and before); the underlying...

5.3 CVSS | 7.3 AI score | 0.00847 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/06/24 12:0 a.m. | 14 views

CVE-2024-37678

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script...

7.2 AI score | 0.00847 EPSS
Exploits: 1 | References: 1

Cvelist
added 2024/06/24 12:0 a.m. | 15 views

CVE-2024-37678

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script...

0.00847 EPSS
Exploits: 1 | References: 1

Cvelist
added 2024/06/24 12:0 a.m. | 16 views

CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter...

0.00372 EPSS
Exploits: 1 | References: 1

CNNVD
added 2024/06/24 12:0 a.m. | 2 views

Hangzhou Meisoft Information Technology Finesoft Security Breach

Hangzhou Meisoft Information Technology Finesoft is a pharmaceutical management software from Hangzhou Meisoft Information China. A security vulnerability exists in Hangzhou Meisoft Information Technology Finesoft v.8.0 and prior versions that could allow a remote attacker to execute arbitrary co...

5.3 CVSS | 7.6 AI score | 0.00847 EPSS
Exploits: 1 | References: 3

OSV
added 2024/06/22 7:15 p.m. | 1 views

CVE-2024-38319

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830...

8.8 CVSS | 5.9 AI score
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/22 6:56 p.m. | 18 views

CVE-2024-38319 IBM Security SOAR code execution

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830...

7.5 CVSS | 6.7 AI score | 0.00314 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/06/22 12:0 a.m. | 2 views

IBM Security SOAR Code Injection Vulnerability

IBM Security SOAR is a product from International Business Machines IBM, formerly known as Resilient, designed to help your security team confidently respond to cyber threats, automate through intelligence, and collaborate through consistency. A code injection vulnerability exists in IBM Security...

8.8 CVSS | 7.4 AI score | 0.00314 EPSS
Exploits: 0 | References: 3

Veracode
added 2024/06/13 8:29 a.m. | 15 views

Denial Of Service (DoS)

github.com/vektah/gqlparser is vulnerable to Denial Of Service. The vulnerability is due to improper input handling in the ParseQuery function. An attacker can exploit this by sending a crafted script to cause the parser to crash...

3.7 CVSS | 6.1 AI score | 0.00116 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/06/12 9:31 p.m. | 14 views

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function...

3.7 CVSS | 7 AI score | 0.00116 EPSS
Exploits: 0 | References: 6 | Affected Software: 2

OSV
added 2024/06/12 9:31 p.m. | 11 views

GHSA-2HMF-46V7-V6FX gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function...

5.3 CVSS | 3.8 AI score | 0.00116 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2024/06/12 12:0 a.m. | 11 views

CVE-2023-49559

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function...

6.6 AI score | 0.00116 EPSS
Exploits: 0 | References: 1

CVE
added 2024/06/12 12:0 a.m. | 283 views

CVE-2023-49559

CVE-2023-49559 affects vektah/gqlparser (open-source library) v2.5.10. A crafted script targeting the parseDirectives/ parserDirectives path can cause a denial of service. CVE entries from Red Hat and Veracode corroborate a DoS in gqlparser via parsing input. There is no explicit remediation/vers...

3.7 CVSS | 6.5 AI score | 0.00116 EPSS
Exploits: 0 | References: 1

NVD
added 2024/05/15 7:15 p.m. | 7 views

CVE-2024-35102

Insecure Permissions vulnerability in VITEC AvediaServer Model avsrv-m8105 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script...

8.8 CVSS | 6.7 AI score | 0.01653 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/15 6:25 p.m. | 14 views

CVE-2024-35102

Insecure Permissions vulnerability in VITEC AvediaServer Model avsrv-m8105 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script...

7.1 AI score | 0.01653 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/05/15 12:0 a.m. | 2 views

VITEC AvediaServer Security Vulnerability

VITEC AvediaServer is a centralized server from VITEC France. A security vulnerability exists in VITEC AvediaServer version 8.6.2-1, which stems from the presence of an insecure privilege vulnerability that allows remote attackers to escalate privileges via a crafted script...

8.8 CVSS | 7.1 AI score | 0.01653 EPSS
Exploits: 0 | References: 3

OSV
added 2024/05/14 3:37 p.m. | 2 views

CVE-2024-33454

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component...

6.5 CVSS | 8 AI score
Exploits: 0 | References: 1

Veracode
added 2024/05/03 7:6 a.m. | 15 views

Cross Site Scripting (XSS)

Jfinalcms is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation in the friendship link component, allowing a remote attacker to execute arbitrary code through a crafted script...

6.1 CVSS | 7.9 AI score | 0.00463 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/05/02 4:15 p.m. | 15 views

CVE-2023-50685

An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the clientport parameter...

7.5 CVSS | 6.5 AI score | 0.04282 EPSS
Exploits: 1 | References: 1