4930 matches found

NVD
added 2024/11/15 11:15 a.m. · 24 views

CVE-2024-0875

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

CVSS 8.1 · EPSS 0.00372
Exploits 1 · References 2

OSV
added 2024/11/15 11:15 a.m. · 12 views

CVE-2024-0875

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

CVSS 4.8 · AI score 5.2
Exploits 0 · References 2

CVE
added 2024/11/15 10:57 a.m. · 52 views

CVE-2024-0875

CVE-2024-0875 affects OpenEMR/OpenEMR v7.0.1, where a stored XSS in the Secure Messaging feature allows injection into the inputBody field and execution when recipients view the message, potentially compromising accounts. The issue is fixed in v7.0.2.1. Affected component: Secure Messaging, vulne...

CVSS 8.1 · AI score 5.6 · EPSS 0.00372
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/11/15 10:57 a.m. · 11 views

CVE-2024-0875 Stored XSS in openemr/openemr

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

CVSS 8.1 · AI score 7 · EPSS 0.00372
Exploits 1 · References 2

Cvelist
added 2024/11/15 10:57 a.m. · 29 views

CVE-2024-0875 Stored XSS in openemr/openemr

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

CVSS 8.1 · EPSS 0.00372
Exploits 1 · References 2

CNNVD
added 2024/11/15 12:0 a.m. · 4 views

ZONEPOINT Security Vulnerability

PRIMX ZONEPOINT is a secure encrypted messaging program from PRIMX Corporation. A security vulnerability exists in ZONEPOINT 2024.1 and earlier versions, which stems from the fact that a dedicated folder can be accessed by other users by default, allowing them to misuse technical files and perfor...

CVSS 7.8 · AI score 6.7 · EPSS 0.00159
Exploits 0 · References 1

Positive Technologies
added 2024/11/15 12:0 a.m. · 6 views

PT-2024-15883 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: openemr/openemr version 7.0.1
Description: A stored cross-site scripting (XSS) issue exists in the Secure Messaging feature. An attacker can inject malicious payloads into the inputBody field, which can then be sent to other users. When the...

CVSS 8.1 · AI score 7.5 · EPSS 0.00372
Exploits 1 · References 8

CNNVD
added 2024/11/15 12:0 a.m. · 3 views

OpenEMR Cross-Site Scripting Vulnerability

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR version 7.0.1. The...

CVSS 8.1 · AI score 7.7 · EPSS 0.00372
Exploits 1 · References 2

NVD
added 2024/11/14 4:15 p.m. · 23 views

CVE-2024-52505

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

CVSS 5.4 · EPSS 0.00374
Exploits 0 · References 2

CVE
added 2024/11/14 3:29 p.m. · 92 views

CVE-2024-52505

CVE-2024-52505 affects the matrix-appservice-irc Node.js IRC bridge. The provisioning API in versions up to 3.0.2 allowed arbitrary IRC command execution by the bridge bot, as described in multiple sources. A fix exists in version 3.0.3, which patches the vulnerability. No exploitation details ar...

CVSS 5.4 · AI score 5.7 · EPSS 0.00374
Exploits 0 · References 2

Cvelist
added 2024/11/14 3:29 p.m. · 42 views

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

CVSS 5.4 · EPSS 0.00374
Exploits 0 · References 2

OSV
added 2024/11/14 3:29 p.m. · 10 views

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

CVSS 5.4 · AI score 7.2 · EPSS 0.00374
Exploits 0 · References 4

CNVD
added 2024/11/13 12:0 a.m. · 2 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2025-11157)

Moodle is an open source, free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from the presence of incorrect CSRF token checks in...

CVSS 8.1 · AI score 7.2 · EPSS 0.00622
Exploits 0 · References 1

NVD
added 2024/11/12 5:15 p.m. · 15 views

CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

CVSS 5.3 · EPSS 0.00842
Exploits 0 · References 3

Cvelist
added 2024/11/12 4:38 p.m. · 38 views

CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

CVSS 5.3 · EPSS 0.00842
Exploits 0 · References 2

CVE
added 2024/11/12 4:38 p.m. · 127 views

CVE-2024-50336

CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...

CVSS 5.3 · AI score 6.5 · EPSS 0.00842
Exploits 0 · References 3

OSV
added 2024/11/12 4:38 p.m. · 12 views

CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

CVSS 5.3 · AI score 8.9 · EPSS 0.00842
Exploits 0 · References 5

Debian CVE
added 2024/11/12 4:38 p.m. · 6 views

CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

CVSS 5.3 · AI score 8.6 · EPSS 0.00842
Exploits 0

RedHat Linux
added 2024/11/12 9:11 a.m. · 3 views

kernel: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complete transmission, but do not check the result of wait_event_interruptible() which can be interrupted. It will result ...

CVSS 5.5 · AI score 6.9 · EPSS 0.0021
Exploits 0 · References 5

OSV
added 2024/11/11 8:15 p.m. · 1 views

UBUNTU-CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...

CVSS 5.4 · AI score 5.8 · EPSS 0.00272
Exploits 1 · References 3