
7486 matches found

OSV
added 2023/04/15 3:24 p.m. | 26 views

CVE-2023-29204 URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

CVSS 4.7 | AI score 6.1 | EPSS 0.01756
Exploits 1 | References 6

OSV
added 2023/04/15 2:24 p.m. | 21 views

CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...

CVSS 9 | AI score 8.9 | EPSS 0.01153
Exploits 1 | References 8

OSV
added 2023/04/11 9:15 p.m. | 1 views

CVE-2023-28222

Windows Kernel Elevation of Privilege Vulnerability...

CVSS 7.1 | AI score 7.1 | EPSS 0.00678
Exploits 1 | References 1

Positive Technologies
added 2023/04/11 12:00 a.m. | 5 views

PT-2023-2465 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to an elevation-of-privilege vulnerability in the Windows CNG Key Isolation Service. This vulnerability is caused by synchronization errors when using a share...

CVSS 7 | AI score 9.3 | EPSS 0.01872
Exploits 0 | References 37

OSV
added 2023/04/10 3:15 p.m. | 1 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

CVSS 5.4 | AI score 5.8 | EPSS 0.00414
Exploits 0 | References 2

NVD
added 2023/04/10 3:15 p.m. | 16 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

CVSS 5.4 | AI score 5.2 | EPSS 0.00414
Exploits 0 | References 2

Prion
added 2023/04/10 3:15 p.m. | 31 views

Code injection

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

CVSS 4.9 | AI score 5.2 | EPSS 0.00414
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/04/10 12:00 a.m. | 58 views

CVE-2023-29376

Product affected: Progress Sitefinity (versions 13.3.x up to 13.3.7646; 14.0 up to 14.0.7735; 14.1 up to 14.1.7825; 14.2 up to 14.2.7929; 14.3 up to 14.3.8024). Vulnerability: Cross-site scripting (XSS) by privileged users targeting media libraries. CVE: CVE-2023-29376. Root cause / impact ...

CVSS 5.4 | AI score 5.1 | EPSS 0.00414
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2023/04/10 12:00 a.m. | 7 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

AI score 5.2 | EPSS 0.00414
Exploits 0 | References 2

Cvelist
added 2023/04/10 12:00 a.m. | 22 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

AI score 5.4 | EPSS 0.00414
Exploits 0 | References 2

OpenVAS
added 2023/04/06 12:00 a.m. | 11 views

Fedora: Security Advisory for rubygem-activesupport (FEDORA-2023-7002afbbb8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 7.7 | EPSS 0.00907
Exploits 0 | References 2

vulnersOsv
added 2023/04/05 3:30 p.m. | 6 views

ai.ylyue:yue-library-data-es (=j11.2.6.2), ai.ylyue:yue-library-data-mybatis (=j11.2.6.2) +3155 more potentially affected by CVE-2023-25330 via com.baomidou:mybatis-plus (>=1.2.11 <=3.5.3)

com.baomidou:mybatis-plus MAVEN version =1.2.11, =0.3.0, =0.4.0, =1.0.0, =1.0.0, =3.0.5, =1.7.2, =1.7.2, =1.0.4.R, =1.0.4.R, =1.0.4.R, =1.0.6.R - cc.vihackerframework:vihacker-sharding-starter =1.0.6.R and more Source cves: CVE-2023-25330 Source advisory: OSV:GHSA-32QQ-M9FH-F74W...

CVSS 9.8 | AI score 7.2 | EPSS 0.0121
Exploits 1

OSV
added 2023/04/04 3:15 p.m. | 5 views

CVE-2022-48225

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute with elevated privileges multiple non-existent DLLs...

CVSS 7.3 | AI score 5.9 | EPSS 0.00199
Exploits 0 | References 2

OSV
added 2023/03/29 7:15 p.m. | 4 views

CVE-2022-36969

This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...

CVSS 7.1 | AI score 5.6 | EPSS 0.13681
Exploits 0 | References 2

Rosalinux
added 2023/03/28 1:38 p.m. | 44 views

Advisory ROSA-SA-2023-2136

Software: java-11-openjdk 11.0.18.0.10-1; OS: rosa-server79; packageevrstring: 11.0.18.0.10-1; CVE-ID: CVE-2022-21365; BDU-ID: 2022-02011; CVE-Crit: MEDIUM; CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...

CVSS 5.3 | AI score 5.9 | EPSS 0.08346
Exploits 0

OSV
added 2023/03/28 1:08 p.m. | 32 views

RLSA-2023:1368 Important: nss security and bug fix update

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767). Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths large...

CVSS 8.8 | AI score 9.1 | EPSS 0.00817
Exploits 0 | References 4

Huntr
added 2023/03/24 4:23 a.m. | 28 views

XSS to RCE found in Trilium

Vulnerability Type: Remote Code Execution (RCE). Authentication Required? No. Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output. Issue Summary: The application contains a vulnerability where HTML characters within the title name of...

AI score 6.2
Exploits 0 | References 1

RedHat Linux
added 2023/03/23 9:09 a.m. | 40 views

Important: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

CVSS 8.8 | AI score 7 | EPSS 0.00817
Exploits 0 | References 2

RedHat Linux
added 2023/03/22 10:40 a.m. | 42 views

Important: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impa...

CVSS 8.8 | AI score 7 | EPSS 0.00817
Exploits 0 | References 2

RedHat Linux
added 2023/03/21 9:48 a.m. | 39 views

Important: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 8.8 | AI score 7 | EPSS 0.00817
Exploits 0 | References 2