Lucene search
K

251 matches found

OSV
OSV
added 2022/12/23 12:30 p.m.16 views

GHSA-QCW2-492V-57XJ usememos/memos missing Secure cookie attribute

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking...

6.5CVSS5.2AI score0.00376EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.46 views

memos 授权问题漏洞

memos is an open source hosted memo center with knowledge management and social features. An authorization issue vulnerability exists in versions of memos prior to 0.9.0 that stems from incorrect authentication...

9.8CVSS7.8AI score0.00731EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.4 views

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.0, which stems from incorrect use of privileged APIs...

8.1CVSS7.6AI score0.00633EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2022/11/28 12:0 a.m.11 views

Oracle E-Business Cross-Site Scripting (CVE-2021-2198)

A stored cross-site scripting vulnerability exists in the Knowledge Management component of Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input...

5.8CVSS2AI score0.79936EPSS
Exploits0
CNNVD
CNNVD
added 2022/11/12 12:0 a.m.4 views

Bruhn NewTech CBRN-Analysis 代码问题漏洞

Bruhn NewTech CBRN-Analysis is an advanced, off-the-shelf CBRN defense knowledge management software application from Bruhn NewTech. It provides knowledge management, hazard prediction, and warning and reporting W&R capabilities to support operational planning and execution. A security...

4.7CVSS5.2AI score0.00399EPSS
Exploits0References2
CNVD
CNVD
added 2022/09/19 12:0 a.m.11 views

Shenzhen Lanning Software Co., Ltd. has SQL injection vulnerability in Lanning Intelligent Collaboration Platform

Shenzhen Lailing Software Co., Ltd. is a well-known large platform OA service provider and a leading knowledge management solution provider in China. It is a national high-tech enterprise specializing in knowledge-based consulting, software development, implementation and technical services for...

2AI score
Exploits0
CNVD
CNVD
added 2022/06/06 12:0 a.m.15 views

Command Execution Vulnerability in Atlassian Confluence Server and Data Center

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A command execution vulnerability exists in Atlassian Confluence Server and Data Center that could...

9.8CVSS7.6AI score0.99999EPSS
Exploits75
CNVD
CNVD
added 2022/02/17 12:0 a.m.26 views

Atlassian Confluence Server权限提升漏洞

Atlassian Confluence Server is a server version of Atlassian Australia's suite of collaborative software with enterprise knowledge management capabilities and support for building enterprise WiKi. An elevation of privilege vulnerability exists in Atlassian Confluence Server, which stems from an...

7.8CVSS3.7AI score0.0033EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/05 12:0 a.m.29 views

MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-08321)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki 1.37 and earlier versions. The vulnerability...

6.1CVSS4AI score0.01248EPSS
Exploits1References1
0day.today
0day.today
added 2021/12/04 12:0 a.m.498 views

OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities

OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...

7AI score
Exploits0
CNVD
CNVD
added 2021/10/13 12:0 a.m.31 views

MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...

7.5CVSS4.4AI score0.01646EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 12:15 p.m.5 views

CVE-2021-37531

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...

8.8CVSS5.8AI score0.03054EPSS
Exploits0References4
Prion
Prion
added 2021/09/14 12:15 p.m.14 views

Design/Logic Flaw

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...

9CVSS8.5AI score0.03054EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/09/14 11:15 a.m.67 views

CVE-2021-37531

SAP NetWeaver Knowledge Management XML Forms (versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50) is affected by an XSLT processing vulnerability that allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet containing OS-level commands, place it where the system can access...

9.9CVSS8.5AI score0.03054EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.3 views

SAP NetWeaver Knowledge Management Configuration Service 操作系统命令注入漏洞

SAP NetWeaver Knowledge Management Configuration Service is a knowledge management solution configuration service from SAP, Germany. An operating system command injection vulnerability exists in SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, which allows...

9.9CVSS8.5AI score0.03054EPSS
Exploits0References8
CNVD
CNVD
added 2021/09/05 12:0 a.m.19 views

SQL Injection Vulnerability in Panmicro e-cology (CNVD-2021-73908)

Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management and...

7.5AI score
Exploits0
NVD
NVD
added 2021/08/10 3:15 p.m.22 views

CVE-2021-33707

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity...

6.1CVSS0.01957EPSS
Exploits0References4
Prion
Prion
added 2021/08/10 3:15 p.m.28 views

Code injection

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity...

5.8CVSS6AI score0.01957EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/08/10 2:7 p.m.30 views

CVE-2021-33707

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity...

6.1CVSS6.3AI score0.01957EPSS
Exploits0References4
CVE
CVE
added 2021/08/10 2:7 p.m.66 views

CVE-2021-33707

SAP NetWeaver Knowledge Management is affected by CVE-2021-33707, a URL-redirection flaw where a stored URL in a component enables remote attackers to redirect users to arbitrary sites and conduct phishing, compromising confidentiality and integrity. The vulnerability is described across multiple...

6.1CVSS6.1AI score0.01957EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder