Lucene search

331 matches found

CNNVD
added 2025/07/10 12:0 a.m. · 4 views

Apache HTTP Server Security Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by mod_ssl,...

CVSS 7.5 · AI score 7.2 · EPSS 0.00669
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 8:9 a.m. · 11 views

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

CVSS 6.5 · AI score 7.3 · EPSS 0.00676
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 5:21 a.m. · 9 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

CVSS 9.8 · AI score 8.3 · EPSS 0.44667
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 8:12 p.m. · 6 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

CVSS 7.2 · AI score 7.4 · EPSS 0.0282
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 7:39 p.m. · 6 views

CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...

CVSS 9.8 · AI score 7.8 · EPSS 0.36632
Exploits 5 · References 1

RedhatCVE
added 2025/05/22 7:0 p.m. · 5 views

CVE-2021-0567

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Andro...

CVSS 7.8 · AI score 7 · EPSS 0.00138
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:47 p.m. · 9 views

CVE-2021-40092

A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file...

CVSS 5.4 · AI score 5.7 · EPSS 0.00585
Exploits 0

RedhatCVE
added 2025/05/22 5:1 p.m. · 7 views

CVE-2020-25048

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020)...

CVSS 4.6 · AI score 7.6 · EPSS 0.00171
Exploits 0

RedhatCVE
added 2025/05/22 4:11 p.m. · 10 views

CVE-2020-11819

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.26778
Exploits 4 · References 1

OSV
added 2025/05/07 11:15 p.m. · 5 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

CVSS 5.3 · AI score 7.5 · EPSS 0.01119
Exploits 0 · References 6

Vulnrichment
added 2025/05/07 12:0 a.m. · 5 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

AI score 6 · EPSS 0.00253
Exploits 0 · References 5

Positive Technologies
added 2025/05/06 12:0 a.m. · 5 views

PT-2025-19873 · Netoloji · Netoloji Software E-Flow

Name of the Vulnerable Software and Affected Versions: Netoloji Software E-Flow versions prior to 3.23.00. Description: The issue affects Netoloji Software E-Flow, allowing unrestricted upload of files with dangerous types and improper neutralization of input during web page generation, which can...

CVSS 8.2 · AI score 5.6 · EPSS 0.00263
Exploits 0 · References 6

RedHat Linux
added 2025/03/20 12:58 p.m. · 7 views

php: Use after free due to php_filter_float() failing for ints

A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault...

CVSS 9.8 · AI score 6.8 · EPSS 0.03002
Exploits 1 · References 5

RedHat Linux
added 2025/03/18 6:54 p.m. · 5 views

php: Use after free due to php_filter_float() failing for ints

A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault...

CVSS 9.8 · AI score 6.8 · EPSS 0.03002
Exploits 1 · References 5

RedhatCVE
added 2025/02/05 1:33 p.m. · 21 views

CVE-2020-26295

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...

CVSS 8.7 · AI score 6.6 · EPSS 0.01782
Exploits 0

NVD
added 2025/01/07 5:15 p.m. · 11 views

CVE-2024-12430

An attacker who successfully exploited these vulnerabilities could enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 directory traversal, a successfully authenticated attacker can inject arbitrary commands into a...

CVSS 7.3 · EPSS 0.00333
Exploits 3 · References 2

OSV
added 2024/11/15 8:48 p.m. · 8 views

GHSA-8FH4-942R-JF2G LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...

CVSS 7.5 · AI score 5.3 · EPSS 0.00449
Exploits 1 · References 4

NVD
added 2024/11/13 4:15 a.m. · 12 views

CVE-2024-8933

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to...

CVSS 7.5 · EPSS 0.00281
Exploits 0 · References 1

Positive Technologies
added 2024/08/19 12:0 a.m. · 4 views

PT-2024-19168 · Osc +2 · Osc +2

Name of the Vulnerable Software and Affected Versions: osc (affected versions not specified). Description: The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc...

CVSS 5.5 · AI score 6.5 · EPSS 0.00209
Exploits 0 · References 36

Japan Vulnerability Notes
added 2024/06/17 6:21 a.m. · 13 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview: MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776) - CVE-2024-27141, CVE-2024-27142 Execution with...

CVSS 9.8 · AI score 7.5 · EPSS 0.26811
Exploits 2 · References 65