5655 matches found

Tenable Nessus
added 2024/12/04 12:0 a.m. · 9 views

Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-site Scripting (CVE-2014-3313)

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582. This plugin only works with Tenable.ot. Please visit...

CVSS 4.3 · AI score 5.9 · EPSS 0.01951
Exploits: 0 · References: 13
CVE
added 2024/12/03 5:48 a.m. · 51 views

CVE-2024-49420

CVE-2024-49420 affects Samsung Gaming Hub. The issue is improper handling of responses in Gaming Hub prior to 6.1.04.6 (Korea) and 7.1.03.7 (Global), enabling remote attackers to launch arbitrary activity. Root cause: mishandling of responses in the Gaming Hub application. Impact: remote code/act...

CVSS 7.5 · AI score 7.6 · EPSS 0.00496
Exploits: 0 · References: 1
Cvelist
added 2024/12/03 5:48 a.m. · 14 views

CVE-2024-49420

Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity...

CVSS 7.5 · EPSS 0.00496
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/03 12:0 a.m. · 7 views

PT-2024-33531 · Gaminghub · Gaminghub

Name of the Vulnerable Software and Affected Versions: GamingHub versions prior to 6.1.04.6 in Korea; GamingHub versions prior to 7.1.03.7 in Global. Description: The issue is related to the improper handling of responses in GamingHub, allowing remote attackers to launch arbitrary activity...

CVSS 7.5 · AI score 6.6 · EPSS 0.00496
Exploits: 0 · References: 7
Tenable Nessus
added 2024/12/02 12:0 a.m. · 14 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PostgreSQL vulnerabilities (USN-7132-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7132-1 advisory. It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this...

CVSS 8.8 · AI score 7.5 · EPSS 0.04422
Exploits: 1 · References: 5
CVE
added 2024/11/28 2:31 p.m. · 69 views

CVE-2024-11959

CVE-2024-11959 affects D-Link DIR-605L (firmware 2.13B01). The vulnerability lies in the function formResetStatistic within /goform/formResetStatistic; manipulating the curTime parameter leads to a buffer overflow. PT-2024-8960 and related sources indicate this can be exploited remotely and may e...

CVSS 9 · AI score 8.9 · EPSS 0.01732
Exploits: 1 · References: 6 · Affected Software: 1
Positive Technologies
added 2024/11/28 12:0 a.m. · 3 views

PT-2024-17129 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.11; Mattermost versions 9.11.x through 9.11.3; Mattermost versions 10.0.x through 10.0.1; Mattermost versions 10.1.x through 10.1.1. Description: The issue is related to the improper validation of email...

CVSS 8.2 · AI score 7.4 · EPSS 0.00461
Exploits: 0 · References: 7
HackRead
added 2024/11/27 2:2 p.m. · 13 views

AmberWolf Launches NachoVPN Tool to Tackle VPN Security Risks

Researchers reveal major vulnerabilities in popular corporate VPN clients, allowing remote attacks. Discover the NachoVPN tool and expert…...

AI score 7.6
Exploits: 0
Positive Technologies
added 2024/11/26 12:0 a.m. · 7 views

PT-2024-8793 · Vmware · Vmware Aria Operations

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations affected versions not specified. Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject malicious...

CVSS 8 · AI score 7.8 · EPSS 0.00408
Exploits: 0 · References: 8
Positive Technologies
added 2024/11/22 12:0 a.m. · 5 views

PT-2024-38656 · Special Minds Design · E-Commerce

Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

CVSS 6.5 · AI score 8.7 · EPSS 0.00329
Exploits: 0 · References: 6
Positive Technologies
added 2024/11/21 12:0 a.m. · 4 views

PT-2024-39622 · WordPress · Gmw-Premium-Settings +1

Name of the Vulnerable Software and Affected Versions: GEO my WP WordPress plugin versions prior to 4.5; gmw-premium-settings WordPress plugin versions prior to 3.1. Description: The issue is related to insufficient validation of files to be uploaded, which could allow attackers to upload arbitrary...

CVSS 6.6 · AI score 6.7 · EPSS 0.00733
Exploits: 1 · References: 8
Redos
added 2024/11/21 12:0 a.m. · 19 views

ROS-20241121-05

The vulnerability in the Moodle virtual learning environment is related to issues with controlling the visibility of user information in gradebook reports. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...

CVSS 8.1 · AI score 6.8 · EPSS 0.83343
Exploits: 8
Positive Technologies
added 2024/11/14 12:0 a.m. · 4 views

PT-2024-35231 · Unknown · Podlove Podcast Publisher

Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher versions through 4.1.15. Description: The issue is related to an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. This vulnerability allows for remote attacks due to flaws in the...

CVSS 9.1 · AI score 9.3 · EPSS 0.00518
Exploits: 0 · References: 7
NVD
added 2024/11/11 8:15 a.m. · 25 views

CVE-2024-11020

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · EPSS 0.00451
Exploits: 0 · References: 2
Cvelist
added 2024/11/11 7:16 a.m. · 18 views

CVE-2024-11020 Grand Vice info Webopac7 - SQL Injection

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · EPSS 0.00451
Exploits: 0 · References: 2
CVE
added 2024/11/11 7:16 a.m. · 51 views

CVE-2024-11020

CVE-2024-11020 affects Grand Vice info Webopac (Webopac from Grand Vice info). The vulnerability is a SQL Injection in the Webopac web interface that allows an unauthenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Several sources corrobora...

CVSS 9.8 · AI score 10 · EPSS 0.00451
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/11/11 7:16 a.m. · 13 views

CVE-2024-11020 Grand Vice info Webopac7 - SQL Injection

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · AI score 8.4 · EPSS 0.00451
Exploits: 0 · References: 2
NVD
added 2024/11/11 7:15 a.m. · 16 views

CVE-2024-11016

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · EPSS 0.00538
Exploits: 0 · References: 2
Cvelist
added 2024/11/11 6:51 a.m. · 26 views

CVE-2024-11016 Grand Vice info Webopac - SQL Injection

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · EPSS 0.00538
Exploits: 0 · References: 2
CVE
added 2024/11/11 6:51 a.m. · 55 views

CVE-2024-11016

CVE-2024-11016 affects Webopac from Grand Vice info. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Reported CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no...

CVSS 9.8 · AI score 10 · EPSS 0.00538
Exploits: 0 · References: 2 · Affected Software: 1