Lucene search
K

99 matches found

OSV
OSV
added 2024/05/07 9:15 p.m.2 views

CVE-2024-23713

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.9AI score0.00083EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/07 9:1 p.m.21 views

CVE-2024-23713

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7AI score0.00083EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.6 views

PT-2024-20030 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a possible failure to persist notifications settings due to improper input validation in the migrateNotificationFilter function of NotificationManagerService.jav...

7.8CVSS6.7AI score0.00083EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/03/05 9:35 p.m.31 views

CVE-2024-1898

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

6.6AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.4 views

Devolutions Server Security Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which stems from incorrect access control in the notification...

4.3CVSS6.8AI score0.00204EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/12/14 2:41 p.m.14 views

Apple now requires a judge’s order to hand over your push notification data

Last week, we reported on how US government agencies have been asking Apple and Google for metadata related to push notifications, but the companies arent allowed to tell users about it happening. The content of the notifications is diverse. It ranges from a weather app warning you about rain to ...

6.7AI score
Exploits0
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.237 views

Webpushr < 4.35.0 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the following...

5.4CVSS5.8AI score0.00426EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2023/09/19 11:15 p.m.4 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

7.2CVSS6.1AI score0.0321EPSS
Exploits0References4
NVD
NVD
added 2023/09/19 11:15 p.m.29 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

7.2CVSS8.1AI score0.0321EPSS
Exploits0References2
Prion
Prion
added 2023/09/19 11:15 p.m.20 views

Sql injection

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

5.8CVSS7.6AI score0.0321EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/19 12:0 a.m.15 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

8.4AI score0.0321EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/06/30 8:42 p.m.31 views

XWiki Platform vulnerable to Code injection through NotificationRSSService

Impact Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps:...

9.9CVSS8AI score0.82376EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2023/06/29 9:15 p.m.36 views

CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

9.9CVSS9.9AI score0.82376EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/06/29 8:38 p.m.13 views

CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

9.9CVSS8.1AI score0.82376EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/06/29 8:38 p.m.43 views

CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

9.9CVSS10AI score0.82376EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

XWiki Platform 注入漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. An injection vulnerability exists in XWiki Platform versions 9.6-rc-1 through 14.10.6 and 15.0-rc-1 through 15.2-rc-1, which stems from the fact that any user who can edit...

9.9CVSS8.6AI score0.82376EPSS
Exploits1References6
OSV
OSV
added 2023/06/15 7:15 p.m.4 views

CVE-2023-21135

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.1 views

PT-2023-17927 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible failure to persist notifications settings due to improper input validation in the onCreate method of NotificationAccessSettings.java. This could le...

7.8CVSS6.8AI score0.00093EPSS
Exploits0References5
Veeam
Veeam
added 2022/11/11 12:0 a.m.315 views

Error: Skipping VM processing due to insufficient free disk space on datastore

Challenge A Backup or Replication job fails with the messages: Production datastore is getting low on free space xx GB left, and may run out of free disk space completely due to open snapshots. Insufficient free disk space on production datastore . Error: Skipping VM processing due to insufficien...

5.6AI score
Exploits0Affected Software1
OSV
OSV
added 2022/06/13 1:15 p.m.4 views

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS5.9AI score0.00513EPSS
Exploits2References1
Rows per page
Query Builder