Lucene search
+L

81 matches found

OSV
OSV
added 2025/03/19 4:15 p.m.7 views

CVE-2025-30197

Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...

3.1CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2024/06/08 6:15 a.m.3 views

CVE-2024-4661

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...

4.3CVSS5.8AI score0.0028EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.5 views

kernel: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace

A vulnerability was discovered in the Intel wireless iwlwifi driver in the Linux kernel that could lead to a buffer overflow in the Driver Virtualization Module key handling code. When processing a received TKIP key that includes MIC rx/tx components, the driver did not adequately limit the amoun...

6.1AI score0.00177EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/04/04 3:21 p.m.31 views

pimcore is vulnerable to cross-site scripting in Composite indices key field

Impact Pimcore is vulnerable to Cross site scripting vulnerability in classes module. Patches Update to version 10.5.20. Workarounds Apply the patch https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef.patch manually...

5.4CVSS5.3AI score0.00457EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.17 views

Klaviyo <= 3.0.10 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Klaviyo Settings, and at Klaviyo...

4.8CVSS5.2AI score0.00442EPSS
Exploits2Affected Software1
Huntr
Huntr
added 2022/09/06 8:52 p.m.21 views

Stored Cross Site Scripting (XSS) via "properties" during creating new users

Description From demo url login click people icon at the left bar click "Customers" Click "New Customer" button from page Fill up the "Edit" tab Click "Save" button above Click "Properties" tab From "Add a custom Property" field , add "Test" on the first field Click and select "text" on the secon...

4.9CVSS5.2AI score0.00476EPSS
Exploits2
Cvelist
Cvelist
added 2022/07/06 5:30 p.m.37 views

CVE-2022-31124 Possible leak of key's raw field if declared length is incorrect in openssh_key_parser

opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

7.7CVSS7.7AI score0.01239EPSS
Exploits1References5
CVE
CVE
added 2022/07/06 5:30 p.m.114 views

CVE-2022-31124

OpenSSH key parser (openssh_key_parser) contains a vulnerability in which, prior to version 0.0.6, if a key field is shorter than declared, the error message includes the raw field value. An attacker who can modify the declared length of a key’s sensitive field can expose the raw value of that fi...

7.7CVSS6.8AI score0.01239EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/16 11:15 p.m.18 views

CVE-2022-30326

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...

10CVSS6.7AI score0.01811EPSS
Exploits1References3
Prion
Prion
added 2022/06/16 11:15 p.m.17 views

Design/Logic Flaw

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...

3.5CVSS5.2AI score0.01811EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2022/05/24 7:2 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the classPKField parameter to CommerceChannelRelFinder.countByCC and CommerceChannelRelFinder.findByCC. An attacker can execute arbitrary SQL commands by injecting malicious SQL code. Remediation Upgrade...

8.8CVSS8.6AI score0.01148EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.7 views

Pimcore 跨站脚本漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. cross-site scripting vulnerabilities exist ...

5.4CVSS5.5AI score0.01266EPSS
Exploits1References3
OSV
OSV
added 2021/11/02 11:15 a.m.2 views

CVE-2021-27722

An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering...

7.5CVSS7.1AI score0.00694EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.7 views

Nsasoft SpotAuditor 安全漏洞

Nsasoft SpotAuditor is an advanced password recovery software from Nsasoft USA Inc. A denial-of-service vulnerability exists in Nsasoft US LLC SpotAuditor version 5.3.5, which is used to recover lost or forgotten passwords for over 40 popular Windows programs and tools. The vulnerability is cause...

7.5CVSS5.7AI score0.00694EPSS
Exploits0References3
OSV
OSV
added 2020/04/27 1:15 p.m.8 views

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

5.4CVSS6.1AI score0.00563EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/18 12:0 a.m.0 views

Nsasoft Product Key Explorer key field Denial of Service Vulnerability

Product Key Explorer is a program key display tool. A denial of service vulnerability exists in the Nsasoft Product Key Explorer key field. The vulnerability is due to improper handling of the length of the key field and can be exploited by an attacker to cause the program to crash...

6.8AI score
Exploits0
NVD
NVD
added 2019/09/13 1:15 p.m.15 views

CVE-2016-10953

The Headway theme before 3.8.9 for WordPress has XSS via the license key field...

5.4CVSS5.4AI score0.00756EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/09/13 12:14 p.m.20 views

CVE-2016-10953

The Headway theme before 3.8.9 for WordPress has XSS via the license key field...

5.4AI score0.00756EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/09/13 12:0 a.m.4 views

PT-2019-7746 · Headway · Headway

Name of the Vulnerable Software and Affected Versions: Headway theme versions prior to 3.8.9 Description: The issue concerns a Cross-Site Scripting XSS flaw. This type of flaw occurs when an application includes user input in its output without proper validation or encoding, allowing an attacker ...

5.4CVSS5.2AI score0.00756EPSS
Exploits0References5
0day.today
0day.today
added 2019/05/10 12:0 a.m.30 views

SpotIM 2.2 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: SpotIM 2.2 - 'Name/Key' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotimsetup.exe Version: 2.2 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...

7.4AI score
Exploits0
Rows per page
Query Builder