Lucene search
K

49 matches found

CNNVD
CNNVD
added 2024/02/05 12:0 a.m.4 views

WordPress plugin Display custom fields in the frontend Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.2AI score0.01072EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.3 views

PT-2023-29510 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The id parameter of the "routers/edit-orders.php" resource does not validate the input, making it vulnerable to SQ...

8.1AI score
Exploits0References5
OSV
OSV
added 2022/12/22 3:31 a.m.93 views

GHSA-27H2-HVPR-P74Q jsonwebtoken has insecure input validation in jwt.verify function

Overview For versions =8.5.1 of jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter referring to the secretOrPublicKey argument from the readme link of the jwt.verify function, they can gain remote code execution RCE. Am I affected? This security issue...

7.6CVSS6.3AI score
Exploits0References4
Veracode
Veracode
added 2022/10/21 8:40 a.m.19 views

Remote Code Execution

com.alibaba:hessian-lite is vulnerable to remote code execution. The vulnerability exists due to insecure input validation when processing serialized data in getSerializer and getDeserializer functions in SerializerFactory.java, which allows an attacker to pass specifically crafted data to the...

9.8CVSS9.6AI score0.02351EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2022/08/11 3:15 p.m.16 views

Input validation

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.4CVSS7.8AI score0.00104EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/07/21 12:0 a.m.8 views

Inductive Automation Ignition Code Issue Vulnerability

Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analytics.Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet the specific need...

8.8CVSS7.7AI score0.43103EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.6 views

Inductive Automation Ignition 代码问题漏洞

Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface and more. A code issue vulnerability exists in Inductive Automation Ignition...

7.8CVSS8AI score0.00652EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.5 views

Inductive Automation Ignition 代码问题漏洞

Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analytics.Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet the specific need...

8.8CVSS6.3AI score0.43103EPSS
Exploits0References4
CNVD
CNVD
added 2022/01/27 12:0 a.m.20 views

Apache Karaf code issue vulnerability (CNVD-2022-14707)

Apache Karaf is the United States Apache Apache Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. Apache Karaf suffers from a code issue vulnerability that stems from insecure input validation when handling serialized data,...

8.1CVSS8.2AI score0.02033EPSS
Exploits0References1
Prion
Prion
added 2021/12/15 7:15 p.m.12 views

Input validation

In icstartRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

4.6CVSS6.7AI score0.00119EPSS
Exploits0References1
Prion
Prion
added 2021/08/12 9:15 p.m.12 views

Input validation

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-get'file' instead of the fixed file names of icon.png and icon.svg...

7.5CVSS9.3AI score0.01361EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/08/11 1:15 p.m.14 views

Input validation

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS9.5AI score0.02714EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.5 views

Portlandlabs Concrete5 代码问题漏洞

Portlandlabs Concrete5 is an open source content management system CMS from PortlandLabs Portlandlabs, U.S. Portlandlabs concrete5 suffers from a code issue vulnerability that stems from insecure input validation. An attacker could exploit this vulnerability to pass specially designed data to the...

7.2CVSS6.3AI score0.0368EPSS
Exploits1References5
Prion
Prion
added 2021/07/14 2:15 p.m.20 views

Input validation

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

6.9CVSS7.7AI score0.00362EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/06/09 12:0 a.m.7 views

Bridgecrew Checkov 代码问题漏洞

Bridgecrew Checkov is an open source application. Static code analysis tool for infrastructure-as-code. Bridgecrew Checkov suffers from a code issue vulnerability that stems from insecure input validation when processing serialized data, which could allow a remote user to pass specially designed...

7.2CVSS7.7AI score0.01295EPSS
Exploits0References3
Prion
Prion
added 2020/11/23 9:15 p.m.21 views

Input validation

In Jingyun Antivirus v2.4.2.39, the driver file ZySandbox.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304...

4.6CVSS8AI score0.00315EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/09/11 2:15 p.m.23 views

CVE-2020-16216

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and...

6.5CVSS0.00704EPSS
Exploits0References2
Prion
Prion
added 2020/01/07 5:15 p.m.21 views

Input validation

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have...

6.9CVSS7AI score0.00686EPSS
Exploits1References4Affected Software2
Prion
Prion
added 2019/11/13 6:15 p.m.20 views

Input validation

In tokenize of sqlite3android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.2CVSS7.6AI score0.00195EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/07/10 6:15 p.m.3 views

CVE-2019-1873

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software ASA and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure...

8.6CVSS7.3AI score0.02464EPSS
Exploits0References2
Rows per page
Query Builder