Lucene search
K

453 matches found

CVE
CVE
added 2024/04/26 12:0 a.m.58 views

CVE-2024-31741

MiniCMS v1.11 has a Cross-Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted string in the URL after login. Exploitation may require user interaction per CVSS metrics (UI:R) and is classified with MEDIUM impact. Public sources (CNVD/CNNVD/NVD) descr...

6.1CVSS6.9AI score0.00373EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2024/03/15 12:0 a.m.49 views

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...

5.3CVSS7AI score0.01854EPSS
Exploits0
Prion
Prion
added 2024/02/22 8:15 p.m.11 views

Cross site scripting

A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...

6.2AI score0.00379EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.15 views

CVE-2024-25369

A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...

5.9AI score0.00379EPSS
Exploits1References1
OSV
OSV
added 2024/01/30 9:30 a.m.22 views

GHSA-6P78-F7H9-6838 Craft CMS Feed-Me

An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service DoS via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected...

7.5CVSS7.3AI score0.01073EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/01/30 9:30 a.m.41 views

Craft CMS Feed-Me

An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service DoS via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected...

7.5CVSS7AI score0.01073EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/01/30 12:0 a.m.63 views

CVE-2023-36260

CVE-2023-36260 affects the Feed Me plugin (version 4.6.1) on Craft CMS (version 4.6.1). The issue allows remote attackers to cause a Denial of Service by supplying crafted strings to the Feed-Me Name and Feed-Me URL fields when saving a feed via an Asset element with no volume selected. The root ...

7.5CVSS7.5AI score0.01073EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/01/24 6:15 p.m.17 views

CVE-2023-51890

An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL...

7.5CVSS7.5AI score0.00856EPSS
Exploits1References1
NVD
NVD
added 2024/01/24 6:15 p.m.23 views

CVE-2023-51888

Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...

7.5CVSS7.3AI score0.00826EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/01/24 6:15 p.m.12 views

CVE-2023-51888

Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...

7.5CVSS7.1AI score0.00826EPSS
Exploits1References2
Prion
Prion
added 2024/01/24 6:15 p.m.13 views

Design/Logic Flaw

An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL...

5CVSS7.2AI score0.00856EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2024/01/24 6:15 p.m.17 views

Buffer overflow

Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...

5CVSS7.1AI score0.00826EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/01/24 6:15 p.m.2 views

UBUNTU-CVE-2023-51890

An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL...

7.5CVSS5.8AI score0.00856EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/01/24 5:15 p.m.28 views

CVE-2023-51887

Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL...

9.8CVSS7.5AI score0.02472EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/01/24 12:0 a.m.12 views

CVE-2023-51888

Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...

7.5CVSS7.3AI score0.00826EPSS
Exploits1
Debian CVE
Debian CVE
added 2024/01/24 12:0 a.m.21 views

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

9.8CVSS9.7AI score0.01277EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/01/24 12:0 a.m.15 views

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

7.8AI score0.01277EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/01/24 12:0 a.m.25 views

CVE-2023-51887

Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL...

10AI score0.02472EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/12/04 11:15 p.m.2 views

CVE-2023-24046

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility...

9.8CVSS6AI score0.00726EPSS
Exploits1References2
Prion
Prion
added 2023/12/04 11:15 p.m.16 views

Design/Logic Flaw

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility...

4.7CVSS7.4AI score0.00726EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder