Lucene search
+L

195 matches found

CNNVD
CNNVD
added 2024/10/07 12:0 a.m.5 views

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers in China RuoYi RuoYi. A security vulnerability exists in RuoYi v4.7.9 and prior versions, which stems from a vulnerability that allows comments in the code generation function to escape, thereby injecting malicious code...

9.8CVSS7AI score0.00507EPSS
Exploits0References3
OSV
OSV
added 2024/10/07 12:0 a.m.4 views

CVE-2024-46076

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code...

9.8CVSS7.3AI score0.00507EPSS
Exploits0References4
CVE
CVE
added 2024/09/06 4:27 p.m.52 views

CVE-2024-32762

CVE-2024-32762 affects QuLog Center. A cross-site scripting (XSS) vulnerability could allow network-based code injection via a user’s browser when interacting with the affected web interface. Affected versions include QuLog Center 1.7.0.827 and 1.8.0.872 and later; however, fixed releases are 1.7...

8.2CVSS6.5AI score0.00241EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/06 4:25 p.m.16 views

CVE-2023-50366 QTS, QuTS hero

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS...

4.3CVSS5.6AI score0.00229EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/03 5:6 a.m.8 views

Man-in-the-middle(MitM) Attack

Gentoo Portage is vulnerable to a Man-in-the-Middle MitM attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...

9.8CVSS9.4AI score0.00464EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/08/19 7:15 a.m.24 views

CVE-2024-25582

Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social...

5.4CVSS0.00387EPSS
Exploits0References3
CNVD
CNVD
added 2024/07/24 12:0 a.m.15 views

Apache Syncope Input Validation Error Vulnerability

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from an input validation error vulnerability that c...

5.4CVSS6.7AI score0.00702EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.33 views

CentOS 8 : libssh (CESA-2024:3233)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3233 advisory. - A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue...

5.3CVSS6.5AI score0.01421EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2024/05/22 12:0 a.m.44 views

Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...

5.3CVSS6.8AI score0.01421EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/30 10:22 a.m.235 views

Low: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.3CVSS6.7AI score0.01421EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/09 1:48 p.m.34 views

CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...

5.4CVSS5.7AI score0.00502EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/11 12:0 a.m.12 views

QNAP QuTScloud XSS Vulnerability (QSA-24-11)

QNAP QuTScloud is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.9CVSS4.9AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2024/03/08 5:15 p.m.24 views

CVE-2023-32969

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

4.9CVSS4.7AI score0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/08 4:17 p.m.20 views

CVE-2024-21901 myQNAPcloud

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 2023/11/24 and later QTS...

4.7CVSS7.6AI score0.18677EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/05 12:0 a.m.7 views

Tenda W9 out-of-bounds write vulnerability (CNVD-2024-14312)

Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the index parameter of the formWifiMacFilterGet function. An attacker can exploit this vulnerability to injec...

9.8CVSS7.2AI score0.01303EPSS
Exploits0References1
NVD
NVD
added 2024/02/27 9:15 a.m.22 views

CVE-2023-50379

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host...

8.8CVSS7.1AI score0.01064EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 9:15 a.m.20 views

Code injection

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host...

7.8AI score0.01064EPSS
Exploits0References2
CVE
CVE
added 2024/02/27 8:27 a.m.3993 views

CVE-2023-50379

CVE-2023-50379 affects Apache Ambari prior to 2.7.8, enabling an authenticated attacker to inject malicious code by manipulating a request and achieve root access on the cluster’s main host. The vulnerability stems from a code-injection flaw in Ambari’s request handling, with impact described as ...

8.8CVSS9AI score0.01064EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.5 views

PT-2024-17603 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.2.4 Description: The issue is related to insufficient validation of administrator-provided data in the Image URL Import Feature, allowing a rogue administrator to inject malicious code when importing images...

4.8CVSS5AI score0.00453EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/02/02 4:5 p.m.12 views

CVE-2023-47561 Photo Station

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 2023/12/15 and later...

5.5CVSS5.5AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder