Lucene search
K

195 matches found

Prion
Prion
added 2024/01/05 5:15 p.m.16 views

Cross site scripting

A cross-site scripting XSS vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later...

4.9CVSS5.8AI score0.00298EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/05 4:18 p.m.7 views

CVE-2023-47219 QuMagie

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later...

3.5CVSS8.8AI score0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/13 7:17 p.m.26 views

CVE-2023-34977 Video Station

A cross-site scripting XSS vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 2023/07/27 and later...

4.6CVSS6AI score0.003EPSS
Exploits0References1
Veracode
Veracode
added 2023/10/02 5:47 p.m.25 views

Stack-based Overflow

exim is vulnerable to Stack-based Overflow. The vulnerability arises from the absence of proper validation of user-supplied data length before copying it into a fixed-length stack-based buffer during the handling of NTLM challenge requests in the SMTP challenge component. This allows an attacker ...

8.1CVSS8AI score0.03158EPSS
Exploits2References2Affected Software2
Veracode
Veracode
added 2023/08/03 7:23 a.m.20 views

Out-of-Bounds Write

libopenbabel.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the CSR format in the WriteMolecule function of CSRformat.cpp, which allows an attacker to inject and execute malicious code, by providing a maliciously crafted file...

9.8CVSS6.9AI score0.00816EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/07/31 2:18 a.m.28 views

Out-of-Bounds Write

libopenbabel.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the Gaussian file format in the ReadMolecule function of mopacformat.cpp, which allows an attacker to inject and execute malicious code, causing an application to crash by providing a maliciously crafted file...

9.8CVSS6.9AI score0.00863EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.5 views

Trend Micro Apex Central 跨站脚本漏洞

Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...

6.1CVSS5.9AI score0.01873EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/30 12:0 a.m.10 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.7AI score0.03083EPSS
Exploits3References2
Veracode
Veracode
added 2023/05/24 3:22 a.m.83 views

Remote Code Execution (RCE)

codeigniter4/framework is vulnerable to Remote Code Execution RCE. The vulnerability exists because the Validation.php does not properly validate the validation placeholders, which allows an attacker to inject and execute malicious code...

9.8CVSS7.6AI score0.01116EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2023/05/16 4:21 a.m.14 views

Remote Code Execution (RCE)

powerjob is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the library's lack of user input validation, which allows an attacker to inject and execute malicious code...

9.8CVSS7.6AI score0.01171EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2023/01/31 4:6 a.m.57 views

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage NAS devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects...

9.8CVSS1.5AI score0.02663EPSS
Exploits0
Veracode
Veracode
added 2022/10/19 3:13 a.m.25 views

Arbitrary Code Execution

powerlinegitstatus is vulnerable to arbitrary code execution. The vulnerability is due to the getbasecommand function in segments.py with git repositories containing per-repository configurations that are being displayed when changing the directories which allows an attacker to inject and execute...

7.8CVSS7.9AI score0.0042EPSS
Exploits1References7Affected Software2
Veracode
Veracode
added 2022/07/29 10:46 p.m.25 views

Denial Of Service (DoS)

firefox is vulnerable to remote code execution. The vulnerability exists due to a memory corruption allowing an attacker to inject maliciously crafted code into the system...

8.8CVSS9AI score0.00748EPSS
Exploits0References5Affected Software5
Veracode
Veracode
added 2022/05/17 7:1 a.m.27 views

Remote Code Execution (RCE)

formidable is vulnerable to remote code execution. The vulnerability exists due to the lack validation in the upload file, allowing an attacker to inject and execute malicious code via crafted filename...

9.8CVSS9.5AI score0.03197EPSS
Exploits2References7Affected Software2
NVD
NVD
added 2022/04/26 4:15 p.m.48 views

CVE-2022-24881

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...

9.8CVSS0.02909EPSS
Exploits1References3
Veracode
Veracode
added 2022/04/21 12:42 a.m.31 views

Remote Code Execution (RCE)

jenkins-2-plugins is vulnerable to remote code execution. The vulnerability exists due to a sandbox bypass allowing an attacker to inject maliciously crafted code into the system...

8.8CVSS4.8AI score0.01601EPSS
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.13 views

Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC On a page where the Total Booking widget is displayed, append the following payload: "...

1.8AI score
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/25 6:2 p.m.8 views

CVE-2022-25612 WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...

4.1CVSS4.8AI score0.00549EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/09 3:34 p.m.36 views

CVE-2022-24915 ICSA-22-062-01 IPCOMM ipDIO

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. Th...

8CVSS8.9AI score0.00997EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/09 3:33 p.m.31 views

CVE-2022-22985 ICSA-22-062-01 IPCOMM ipDIO

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific...

8.8CVSS8.8AI score0.01026EPSS
Exploits0References1
Rows per page
Query Builder