Lucene search
K

56 matches found

Vulnrichment
Vulnrichment
added 2023/09/29 7:30 a.m.13 views

CVE-2023-3922 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...

3CVSS4.8AI score0.00387EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/04 5:15 p.m.16 views

CVE-2023-4157 Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in GitHub repository omeka/omeka-s prior to version 4.0.3...

5.2CVSS6.8AI score0.00445EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.2 views

SUSE CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

4.3CVSS7.6AI score0.03685EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.37 views

Honeywell Experion PKS and ACE Controllers Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2021-38395)

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit...

9.8CVSS7.7AI score0.00871EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:25 a.m.2 views

GHSA-QG25-HGJV-CG9Q Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...

9.8CVSS7.6AI score0.42983EPSS
Exploits4References21
Cvelist
Cvelist
added 2022/04/01 10:17 p.m.27 views

CVE-2021-27493 Philips Vue PACS

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

6.1CVSS6.6AI score0.00653EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.7 views

Synology DiskStation Manager 跨站脚本漏洞

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. An injection vulnerability exists in Synology DiskStation Manager, which...

6.5CVSS6.1AI score0.00597EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/08/10 12:0 a.m.21 views

Abb Base Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl all published versions enables an attacker authenticated on the local system to inject data, affecting the online view...

5.3CVSS3.8AI score0.00325EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/08/10 12:0 a.m.34 views

Se Ecostruxure Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software versions in security notification. The result of this vulnerability, DLL substitution, coul...

9.8CVSS2.3AI score0.01557EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/27 12:0 a.m.37 views

Schneider-electric Ecostruxure Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...

7.5CVSS3.6AI score0.01542EPSS
Exploits0References2
Prion
Prion
added 2020/03/23 7:15 p.m.16 views

Design/Logic Flaw

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...

7.5CVSS9.2AI score0.01542EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2019/07/01 7:15 p.m.15 views

Command injection

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

9CVSS7.1AI score0.18306EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2019/07/01 6:12 p.m.37 views

CVE-2019-7670

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

7.1AI score0.18306EPSS
Exploits5References3
OSV
OSV
added 2019/01/09 11:29 p.m.2 views

PYSEC-2019-87

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

5.9AI score
Exploits0References8
PyPA
PyPA
added 2019/01/09 11:29 p.m.5 views

PYSEC-2019-17

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5CVSS6.7AI score0.03685EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2018/12/20 5:29 p.m.16 views

CVE-2018-1000854

esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable vi...

9.8CVSS9.7AI score0.0316EPSS
Exploits0References1
Rows per page
Query Builder