
3349 matches found

OSV
added 2022/05/25 4:15 p.m., 6 views

CVE-2022-30428

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading...

7.5 CVSS, 5.9 AI score, 0.0105 EPSS
Exploits 1, References 1
Prion
added 2022/05/25 4:15 p.m., 16 views

Design/Logic Flaw

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading...

5 CVSS, 7.6 AI score, 0.0105 EPSS
Exploits 1, References 1, Affected Software 1
CVE
added 2022/05/25 3:23 p.m., 106 views

CVE-2022-30428

CVE-2022-30428 affects ginadmin (up to 05-10-2022). The vulnerability arises from an unfiltered incoming path value, allowing an arbitrary file read from the server. Affected component appears to be the admin/system handling path input; the issue enables access to sensitive files, as described co...

7.5 CVSS, 7.5 AI score, 0.0105 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/05/25 3:23 p.m., 30 views

CVE-2022-30428

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading...

7.8 AI score, 0.0105 EPSS
Exploits 1, References 1
CNNVD
added 2022/05/25 12:00 a.m., 6 views

Open Automation Software OAS Platform Access Control Error Vulnerability

Open Automation Software OAS Platform is an industrial Internet of Things (IoT) suite from Open Automation Software, Inc. An information disclosure vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an information disclosure issue in the OAS Engine...

7.5 CVSS, 5.8 AI score, 0.01221 EPSS
Exploits 1, References 5
CNNVD
added 2022/05/25 12:00 a.m., 6 views

ginadmin Security Vulnerability

ginadmin is a backend management platform based on the Gin framework for individual GPER developers in China. A security vulnerability exists in ginadmin 05-10-2022 and earlier versions, which stems from an unfiltered incoming path value, leading to arbitrary file reading...

7.5 CVSS, 7.5 AI score, 0.0105 EPSS
Exploits 1, References 2
CISA KEV Catalog
added 2022/05/23 12:00 a.m., 26 views

WhatsApp Cross-Site Scripting Vulnerability

A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading...

8.2 CVSS, 1.7 AI score, 0.67859 EPSS
In wild, Exploits 5
ATTACKERKB
added 2022/05/18 6:15 p.m., 3 views

CVE-2022-28921

A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...

6.5 CVSS, 6 AI score, 0.007 EPSS
Exploits 1, References 3
OSV
added 2022/05/17 5:09 a.m., 7 views

GHSA-X64M-686F-FMM3 XML External Entity (XXE) in Django

The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack...

5 CVSS, 6.6 AI score, 0.04593 EPSS
Exploits 0, References 14
OSV
added 2022/05/17 4:42 a.m., 3 views

GHSA-FW3X-2PR2-5J64 GeSHi vulnerable to Directory Traversal

Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter...

8.7 CVSS, 6.6 AI score, 0.03174 EPSS
Exploits 1, References 8
OSV
added 2022/05/14 1:17 a.m., 32 views

GHSA-C57P-3V2G-W9RG Insertion of Sensitive Information into Log File in Apache Tomcat

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. This issue was...

1.9 CVSS, 4.2 AI score, 0.00668 EPSS
Exploits 0, References 23
OSV
added 2022/05/13 1:30 a.m., 4 views

GHSA-8XR3-54W2-8XJP Jenkins Image Gallery Plugin allows Path Traversal

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields...

6.5 CVSS, 6.5 AI score, 0.03005 EPSS
Exploits 0, References 4
Github Security Blog
added 2022/05/13 1:30 a.m., 5 views

Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

5 CVSS, 6.7 AI score, 0.02291 EPSS
Exploits 0, References 6, Affected Software 1
GitLab Advisory Database
added 2022/05/13 12:00 a.m., 33 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

6.1 CVSS, 6.9 AI score, 0.00799 EPSS
Exploits 0, References 3, Affected Software 1
CNVD
added 2022/05/12 12:00 a.m., 8 views

Esri ArcGIS Enterprise Portal for ArcGIS Component XXE Vulnerability

Esri ArcGIS Enterprise is a GIS (Geographic Information System) base software system from the Environmental Systems Research Institute (Esri, Inc.). The system supports mapping and visualization, analysis, and data management, etc. An XXE vulnerability exists in the Esri ArcGIS Enterprise Portal for...

2.8 AI score
Exploits 0, References 1
NVD
added 2022/05/05 1:15 p.m., 11 views

CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...

7.5 CVSS, 0.01042 EPSS
Exploits 1, References 1
ATTACKERKB
added 2022/05/05 1:15 p.m., 1 view

CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...

7.5 CVSS, 5.8 AI score, 0.01042 EPSS
Exploits 1, References 2
OSV
added 2022/05/05 1:15 p.m., 12 views

CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...

7.5 CVSS, 6.9 AI score
Exploits 0, References 1
CVE
added 2022/05/05 12:23 p.m., 78 views

CVE-2022-28462

CVE-2022-28462 affects novel-plus 3.6.0 with an Arbitrary file reading vulnerability caused by lack of restrictions on file parameters. NVD CVSSv3.1 base score 7.5 (HIGH) with network access and no privileges required; confidentiality impact HIGH. PT-Security notes no available fix as of their en...

7.5 CVSS, 7.5 AI score, 0.01042 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/05/05 12:23 p.m., 19 views

CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...

7.8 AI score, 0.01042 EPSS
Exploits 1, References 1