Lucene search
K

77 matches found

OSV
OSV
added 2024/07/16 11:15 p.m.8 views

AZL-50516 CVE-2024-21166 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.9CVSS5.7AI score0.00728EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-18761 · Samsung · Samsung Data Store

Name of the Vulnerable Software and Affected Versions: Samsung Data Store versions prior to 5.3.00.4 Description: The issue is related to improper access control in Samsung Data Store, allowing local attackers to launch arbitrary activities with the privilege of Samsung Data Store. Recommendation...

4.4CVSS7.2AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 2024/03/27 6:15 p.m.4 views

CVE-2023-0582

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...

9.8CVSS5.8AI score0.0078EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x through prior to 8.1.9, 9.2.x through prior to 9.2.5, and 9.3.0, which stems from an inability to clean up metadata on posts containing...

4.3CVSS6.7AI score0.0036EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.4 views

Asp.Net Zero Security Vulnerability

Asp.Net Zero is an open source web development framework. A security vulnerability exists in Asp.Net Zero versions prior to 12.3.0, which stems from messages being transmitted over websocket, and can be exploited by an attacker to inject HTML into a user's message, redirecting the intended victim...

6.1CVSS6.6AI score0.0046EPSS
Exploits1References3
OSV
OSV
added 2023/12/05 12:25 a.m.4 views

CVE-2023-48697 Azure RTOS USBX Remote Code Execution Vulnerability

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

6.4CVSS8.4AI score0.01185EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/05 12:0 a.m.5 views

Azure RTOS NetX Duo Security Vulnerability

Azure RTOS NetX Duo is an advanced, industry-grade TCP/IP networking stack open-sourced by Azure RTOS. A security vulnerability exists in Azure RTOS NetX Duo versions prior to 6.3.0 that stems from the presence of a memory overflow vulnerability, which could be exploited by an attacker to cause...

9.8CVSS9.5AI score0.03899EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 3:15 p.m.3 views

CVE-2023-46820

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0...

5.3CVSS5.8AI score0.00552EPSS
Exploits0References1
OSV
OSV
added 2023/10/20 8:15 a.m.5 views

CVE-2020-36755

The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czrfnpostfieldssave function. This makes it possible for unauthenticated attackers to post fields via a forged request...

4.3CVSS5.6AI score0.00397EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.4 views

WordPress plugin Tutor LMS cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

5.4CVSS6.2AI score0.00403EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.4 views

Adobe Substance 3D Painter 缓冲区错误漏洞

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...

7.8CVSS7.3AI score0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.12 views

WordPress plugin Metform Elementor Contact Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS6.8AI score0.0058EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.8 views

PT-2023-15436 · Unknown · Quantumcloud Ai Chatbot Plugin

Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot plugin versions prior to 4.3.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 4.3.0,...

5.9CVSS4.9AI score0.00421EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/23 12:0 a.m.9 views

CVE-2023-23296

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault...

6.5AI score0.00798EPSS
Exploits1References1
OSV
OSV
added 2023/02/22 6:15 p.m.5 views

CVE-2023-26214

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system...

5.4CVSS6.1AI score0.00388EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/15 3:17 p.m.5 views

libtiff: heap buffer overflow in extractImageSection

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1CVSS7.6AI score0.01542EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.14 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

9.6CVSS6.7AI score0.0058EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.3 views

EIPStackGroup OpENer 缓冲区错误漏洞

EIPStackGroup OpENer is a software from the EIPStackGroup organization for providing EtherNet/IP stacking functionality to IO adapter devices . A buffer error vulnerability exists in EIPStackGroup OpENer version v2.3.0, which stems from the discovery of a stack overflow contained via...

7.8CVSS7.6AI score0.00708EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.4 views

Pure Storage FlashBlade 和 FlashArray 安全漏洞

Pure Storage FlashArray and Pure Storage FlashBlade are both products of Pure Storage, Inc. the Pure Storage FlashArray is an all QLC flash storage array. the Pure Storage FlashBlade is a consolidated storage platform for file and object Pure Storage FlashBlade is a consolidated storage platform...

9CVSS7.9AI score0.01072EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/03 12:0 a.m.5 views

XXL-JOB 跨站脚本漏洞

XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...

5.4CVSS5.4AI score0.00496EPSS
Exploits1References2
Rows per page
Query Builder