Lucene search
K

78 matches found

CNNVD
CNNVD
added 2022/06/03 12:0 a.m.6 views

XXL-JOB 跨站脚本漏洞

XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...

5.4CVSS5.4AI score0.00496EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/03/18 12:0 a.m.4 views

PT-2022-16867

Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.3.0 Description The issue concerns the RSA PKCS1 v1.5 signature verification code in node-forge, which is lenient in checking the digest algorithm structure. This leniency can allow a crafted structure to steal...

7.5CVSS6AI score0.00717EPSS
Exploits0References18
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.7 views

McAfee Drive Encryption 安全漏洞

Mcafee McAfee Drive Encryption is a full-disk encryption software from McAfee, Inc. that helps protect data on Microsoft Windows tablets, laptops, and desktop PCs against loss of sensitive data, especially loss due to device loss or theft. A security vulnerability exists in the Windows system...

8.8CVSS7.4AI score0.00144EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/08/18 3:15 p.m.6 views

CVE-2021-38710

Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...

6.1CVSS6.4AI score0.00636EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.4 views

Thycotic Password Reset Server 信息泄露漏洞

Thycotic Password Reset Server is a password reset server from Thycotic, U.S.A. A security vulnerability exists in versions of Thycotic Password Reset Server prior to 5.3.0, which stems from the password reset server allowing credentials to be exposed. An attacker could exploit the vulnerability ...

10CVSS5.6AI score0.01019EPSS
Exploits0References1
Snyk
Snyk
added 2021/05/05 7:4 a.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection. It used to call Kernelopen to open a local file. If a Ruby project hasa file whose name starts with | and ends with tags, the command followingthe pipe character is executed. A malicious Ruby project could exploit it...

8.1CVSS7AI score0.0148EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/09/25 7:15 p.m.6 views

deep-floorplan (=0.0.0) potentially affected by CVE-2020-15210 via tensorflow-gpu (=2.3.0)

tensorflow-gpu PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - deep-floorplan =0.0.0 Source cves: CVE-2020-15210 Source advisory: OSV:PYSEC-2020-325...

6.5CVSS6.5AI score0.00729EPSS
Exploits1
CNVD
CNVD
added 2020/09/16 12:0 a.m.6 views

IBM Elastic Storage Server Spectrum Scale Denial of Service Vulnerability (CNVD-2020-52392)

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

6.5CVSS6.5AI score0.01055EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/08 12:0 a.m.4 views

Zephyr Code Execution Vulnerability (CNVD-2020-35962)

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in the MQTT packet length decoder in Zephyr 2.2.0 and later versions fixed in version 2.3.0. An attacker could exploit this vulnerability to cause memory corruption and...

9.8CVSS7AI score0.02879EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/24 12:0 a.m.2 views

Unspecified vulnerability in CrushFTP (CNVD-2020-03729)

CrushFTP is a file transfer server. A security vulnerability exists in CrushFTP 8.3.0 and earlier versions that can be exploited by attackers to steal credentials...

6.1CVSS6.8AI score0.00642EPSS
Exploits0References1
OSV
OSV
added 2019/12/03 3:15 p.m.4 views

CVE-2019-4130

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280...

8.8CVSS7.7AI score0.01957EPSS
Exploits0References2
CNVD
CNVD
added 2019/11/27 12:0 a.m.6 views

Pegasystem PEGA Platform Information Disclosure Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. An information disclosure vulnerabili...

4.3CVSS6.2AI score0.00715EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/23 12:0 a.m.5 views

RANGER Studio Directus Information Disclosure Vulnerability

RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. An information disclosure vulnerability exists in RANGER Studio...

5.3CVSS6.7AI score0.015EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/15 12:0 a.m.4 views

Unspecified Vulnerability in inversoft prime-jwt

inversoft prime-jwt is an open source Java 8-based JWT library . A security vulnerability exists in JWTDecoder.decode in versions prior to inversoft prime-jwt 1.3.0 and commit 0d94dcef0133d699f21d217e922564adbb83a227. No details of the vulnerability are provided at this time...

9.8CVSS6.9AI score0.01414EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/07 12:0 a.m.34 views

libzip '_zip_read_eocd64' function denial of service vulnerability

libzip is a C library for reading, creating and modifying zip archives developed by software developers Dieter Baron and Thomas Klausner. A security vulnerability exists in the 'zipreadeocd64' function of the zipopen.c file in versions of libzip prior to 1.3.0. A remote attacker can exploit this...

6.5CVSS5.5AI score0.032EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/19 12:0 a.m.2 views

WordPress PressForward plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.PressForward plugin is one of the workflow editing plugin. A cross-site scripting vulnerability exists in the...

6.1CVSS5.8AI score0.00757EPSS
Exploits1References1
CNVD
CNVD
added 2016/02/26 12:0 a.m.5 views

Cisco ACE 4710 Application Control Engine Command Injection Vulnerability

Cisco ACE 4710 Application Control Engine is the United States Cisco Cisco a set of ACE application switch series and used to increase the security and stability of data center applications load balancing and application delivery solutions. A command injection vulnerability exists in the Cisco AC...

9CVSS7.6AI score0.02801EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2014/02/15 12:0 a.m.4 views

PT-2014-2216 · Iproute2 · Iproute2

Name of the Vulnerable Software and Affected Versions: iproute2 versions prior to 3.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by certain scripts. This can be exploited through the configure script or the...

3.3CVSS6AI score0.00352EPSS
Exploits0References8
Rows per page
Query Builder