Lucene search
K

186 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.55 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from insufficient validation of input data, allowing attackers to execute the displayed HTML code.

The vulnerability of Websoft HCM’s automation software for HR processes is related to insufficient verification of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code by sending a specially crafted POST request...

7.5CVSS5.9AI score
Exploits0
Lenovo
Lenovo
added 2025/04/08 11:19 a.m.13 views

Multi-Vendor BIOS Security Vulnerabilities (April 2025) - Lenovo Support US

No description provided...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.4 views

Infinxt iEdge 100 安全漏洞

Infinxt iEdge 100 is a next-generation secure SD-WAN appliance for small and medium-sized branch offices from Infinxt. A security vulnerability exists in the Infinxt iEdge 100 version 2.1.32, which stems from improper validation of user input for the mtrIp parameter in the MTR function of the...

5.4CVSS6.8AI score0.01023EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.7 views

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.1CVSS5.9AI score0.04156EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.4 views

WordPress plugin Easy Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.6AI score0.00249EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/11 12:0 a.m.7 views

The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to deficiencies in the validation of input data containing XSS attack indicators. This vulnerability allows attackers to execute cross-site scripting attacks.

The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to deficiencies in the validation of input data containing XSS attack indicators. Exploiting this vulnerability can allow a remote attacker to execute cross-site scripting attacks...

10CVSS6.4AI score0.01093EPSS
Exploits2References5Affected Software2
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.6 views

SuiteCRM SQL注入漏洞

SuiteCRM is an open source, enterprise-level customer relationship management CRM software. SuiteCRM suffers from a SQL injection vulnerability that is caused by insufficient validation of input values. An attacker can exploit the vulnerability to execute SQL commands, which in turn may be used t...

8.8CVSS7.8AI score0.00432EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/01 12:0 a.m.12 views

The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform, related to insufficient validation of input data, allows a perpetrator to execute arbitrary commands.

The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform relates to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows attackers to execute arbitrary commands...

6.6CVSS5.8AI score0.0055EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.7 views

The vulnerability of the Vendure corporate platform lies in improper cleaning of file paths and bypassing directories due to insufficient verification of input data. This allows attackers to disclose protected information or cause service failures.

The vulnerability of the Vendure corporate platform lies in improper cleaning of file paths and bypassing directories due to insufficient verification of input data. Exploitation of this vulnerability can allow a malicious actor to disclose protected information or cause service failures...

9.4CVSS7.7AI score0.59798EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/24 12:0 a.m.7 views

The vulnerability of the UI and Visualization components of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI and Visualization component of the Oracle Hyperion BI+ service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

3CVSS7.6AI score0.00346EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/23 12:0 a.m.6 views

Vulnerability of the Server component: The Oracle MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the Oracle MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

6.8CVSS6.6AI score0.00908EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2024/09/30 1:15 p.m.6 views

CVE-2024-45920

A Stored Cross-Site Scripting XSS vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature...

5.4CVSS5.8AI score0.00315EPSS
Exploits1References1
Lenovo
Lenovo
added 2024/09/10 4:2 p.m.4 views

Lenovo XClarity Controller (XCC) Vulnerabilities - Lenovo Support US

No description provided...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/08/14 12:0 a.m.8 views

The vulnerability of the User Management component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a business automation system that allows attackers to gain unauthorized access to protected information.

The vulnerability of the User Management component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, and of the Oracle E-Business Suite system, which is used for automating business operations, is related to insufficient validation of input data...

5.3CVSS7.4AI score0.00399EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.7 views

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data...

4.3CVSS6.4AI score0.00953EPSS
Exploits0References4Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/07/19 12:0 a.m.7 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...

6.4CVSS7.2AI score0.00197EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/19 12:0 a.m.7 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...

6.4CVSS7.2AI score0.00395EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.7 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...

6.4CVSS7.2AI score0.00382EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.6 views

PT-2024-4886 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product, part of...

6.4CVSS7AI score0.00362EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.3 views

PT-2024-3115 · Microsoft · Ole Db Driver For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server affected versions not specified Description: The issue exists due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server. This allows a remote attacker to execute arbitrary code...

10CVSS9.4AI score0.02351EPSS
Exploits0References7
Rows per page
Query Builder