Lucene search
K

189 matches found

OSV
OSV
added 2025/05/12 6:15 a.m.5 views

CVE-2025-3649

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

6.8CVSS5.8AI score0.00372EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 8:44 p.m.33 views

Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)

Summary IBM® Db2® could disclose sensitive information when using ADMINCMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...

7.5CVSS7.2AI score0.01505EPSS
Exploits0Affected Software1
Brave Browser
Brave Browser
added 2025/04/02 9:9 a.m.8 views

Brave Desktop 1.77.95 Security Fixes

Updated brave://downloads to always display the download URL as reported on HackerOne by cj27. - Prevent extensions from injecting content scripts on https://account.brave.com as reported on HackerOne by newfunction. Upgraded Chromium to 135.0.7049.52 — refer to Google Chrome advisories for...

5.8AI score
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 1:21 a.m.21 views

Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-43176)

Summary A vulnerability caused by improper authorization checks could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Vulnerability Details CVEID:CVE-2024-43176 DESCRIPTION: IBM OpenPages could allow an...

5.4CVSS5.7AI score0.00272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/10 6:28 p.m.44 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-45663)

Summary IBM® Db2® is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the...

7.5CVSS6.5AI score0.00696EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/10/03 6:26 p.m.11 views

GHSA-6784-9C82-VR85 Injection of arbitrary HTML/JavaScript code through the media download URL

Impact This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting XSS issue, which could potentially allow attackers to steal sensitive...

6.1CVSS6.2AI score0.00331EPSS
Exploits0References6
CVE
CVE
added 2024/10/03 2:24 p.m.58 views

CVE-2024-47617

Sulu CMS is affected by a Reflected XSS in the media download URL via the SuluMediaBundle. The issue stems from how the slug parameter is handled in the MediaStreamController downloadAction, allowing injection of arbitrary HTML/JavaScript. Affected versions include 2.6.4/2.5.20 (prior to fixes). ...

6.1CVSS6AI score0.00331EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/03 2:24 p.m.12 views

CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle

Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting XSS issue, which could potentially...

6.1CVSS6.1AI score0.00331EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/03 2:24 p.m.13 views

CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle

Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting XSS issue, which could potentially...

6.1CVSS6AI score0.00331EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 7:25 p.m.29 views

Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-35151)

Summary A vulnerability caused by improper authorization checks could allow authenticated users access to sensitive information through APIs. Vulnerability Details CVEID:CVE-2024-35151 DESCRIPTION: IBM OpenPages with Watson could allow authenticated users access to sensitive information through...

6.5CVSS6.4AI score0.00439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/28 6:58 p.m.54 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)

Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details CVEID:CVE-2023-50308 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server under...

6.5CVSS6.9AI score0.00774EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/20 2:30 p.m.15 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)

Summary IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details CVEID:CVE-2024-35136 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server federated server is vulnerable to denial of...

6.5CVSS5.9AI score0.00553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 9:14 p.m.24 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)

Summary IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Vulnerability Details CVEID:CVE-2024-35152 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of...

6.5CVSS6.5AI score0.00566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 9:11 p.m.16 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...

6.5CVSS6.2AI score0.00553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/11 5:41 p.m.28 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details CVEID:CVE-2024-31881 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...

6.5CVSS7.7AI score0.006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/11 5:40 p.m.23 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details CVEID:CVE-2024-31880 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect...

6.5CVSS9.5AI score0.00394EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/05/07 12:15 p.m.12 views

CVE-2024-4537

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket...

7.5CVSS7.4AI score0.00661EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 11:35 a.m.18 views

CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket...

7.5CVSS7.6AI score0.00661EPSS
Exploits0References1
CVE
CVE
added 2024/05/07 11:35 a.m.41 views

CVE-2024-4537

CVE-2024-4537 describes an IDOR vulnerability in Janto Ticketing Software version 4.3r10. The issue could allow a remote attacker to obtain another user’s download URL to access purchased tickets, indicating a potential confidentiality impact. Server-side access control appears insufficient to pr...

7.5CVSS6.7AI score0.00661EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/07 11:35 a.m.9 views

CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket...

7.5CVSS7.4AI score0.00661EPSS
Exploits0References1
Rows per page
Query Builder