2302 matches found

OSV
added 2023/07/06 3:15 p.m. · 4 views

CVE-2023-36970

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...

5.4 CVSS · 5.9 AI score · 0.00469 EPSS
Exploits 1 · References 1

Prion
added 2023/06/27 6:15 p.m. · 10 views

Code injection

An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the...

7.5 CVSS · 9.3 AI score
Exploits 0 · References 1 · Affected Software 1

The Hacker News
added 2023/06/27 2:22 p.m. · 89 views

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers...

8.2 AI score
Exploits 0

OSV
added 2023/06/23 10:15 a.m. · 5 views

CVE-2023-3380

A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit h...

9.8 CVSS · 5.4 AI score · 0.0388 EPSS
Exploits 1 · References 3

Prion
added 2023/06/23 10:15 a.m. · 22 views

Design/Logic Flaw

A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit h...

5.8 CVSS · 9.7 AI score · 0.0388 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/05/14 11:15 a.m. · 4 views

CVE-2023-2695

A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns1data leads to sql injection. The attack can be...

9.8 CVSS · 6.5 AI score · 0.0082 EPSS
Exploits 1 · References 3

OSV
added 2023/05/11 2:15 p.m. · 4 views

CVE-2023-2658

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely...

9.8 CVSS · 5.7 AI score · 0.00881 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/05/11 12:0 a.m. · 4 views

PT-2023-20755 · Sourcecodester · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue was found in the file view product.php, where the manipulation of the id argument leads to sql injection. This can be initiated remotely. Recommendation...

9.8 CVSS · 7.4 AI score · 0.0082 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/05/11 12:0 a.m. · 7 views

PT-2023-20759 · Sourcecodester · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online Computer and Laptop Store, affecting the file view categories.php. The manipulation of the c argumen...

9.8 CVSS · 8.4 AI score · 0.0082 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/04/14 12:0 a.m. · 3 views

PT-2023-17439 · Unknown · Control Id Rhid

Name of the Vulnerable Software and Affected Versions: Control iD RHiD version 23.3.19.0 Description: A problematic vulnerability was found in the Edit Handler component, affecting an unknown part of the file /v2/customerdb/operator.svc/a. The manipulation of the email argument leads to SQL...

9.8 CVSS · 6.8 AI score · 0.005 EPSS
Exploits 0 · References 7

OSV
added 2023/04/08 8:15 a.m. · 2 views

CVE-2023-1951

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function deletebrand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely...

9.8 CVSS · 6.6 AI score · 0.00726 EPSS
Exploits 1 · References 3

OSV
added 2023/04/05 2:15 p.m. · 3 views

CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

9.8 CVSS · 7.5 AI score
Exploits 0 · References 2

OSV
added 2023/04/02 8:15 a.m. · 6 views

CVE-2023-1793

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is...

9.8 CVSS · 6.5 AI score · 0.00726 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/03/30 12:0 a.m. · 5 views

PT-2023-17207 · Ibos · Ibos

Name of the Vulnerable Software and Affected Versions: IBOS version 4.5.5 Description: A critical issue affects some unknown functionality of the file "/?r=report/api/getlist" of the component Report Search, leading to sql injection. The attack may be launched remotely. Recommendations: For IBOS...

8.8 CVSS · 6.9 AI score · 0.00717 EPSS
Exploits 1 · References 5

OSV
added 2023/03/11 12:15 p.m. · 4 views

CVE-2023-1351

A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file custtransac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The...

9.8 CVSS · 6.5 AI score · 0.00808 EPSS
Exploits 1 · References 3

OSV
added 2023/03/09 3:15 p.m. · 2 views

CVE-2023-1292

A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function deleteclient of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. T...

9.8 CVSS · 6.6 AI score · 0.00763 EPSS
Exploits 1 · References 3

OSV
added 2023/03/01 8:15 a.m. · 7 views

CVE-2023-22758

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...

7.2 CVSS · 7.4 AI score · 0.01618 EPSS
Exploits 0 · References 1

NVD
added 2023/03/01 12:15 a.m. · 16 views

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML...

6.1 CVSS · 6.3 AI score · 0.0068 EPSS
Exploits 0 · References 2

Cvelist
added 2023/02/28 12:0 a.m. · 25 views

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML...

6.4 AI score · 0.0068 EPSS
Exploits 0 · References 2

CVE
added 2023/02/28 12:0 a.m. · 61 views

CVE-2022-38220

CVE-2022-38220 affects Quest KACE Systems Management Appliance (SMA) up to and including version 12.1. The vulnerability is an XSS that could allow a remote attacker to inject arbitrary web script or HTML. The common references across sources (NVD/Red Hat/CNNVD/CVE list) corroborate the vulnerabl...

6.1 CVSS · 6.2 AI score · 0.0068 EPSS
Exploits 0 · References 2 · Affected Software 1