Lucene search: 5655 matches found

NVD · added 2024/03/15 5:15 p.m.

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVSS 7.2 · AI score 5.3 · EPSS 0.00907 · Exploits 1 · References 3
Tenable Nessus · added 2024/03/15 12:00 a.m.

Mobatek MobaXterm < 8.3 (CVE-2015-7244)

The version of Mobatek MobaXterm installed on the remote host is prior to 8.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-7244 advisory. - The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does n...

CVSS 7.5 · AI score 6 · EPSS 0.05049 · Exploits 0 · References 3
UbuntuCve · added 2024/03/09 6:15 a.m.

CVE-2023-46426

Heap-based buffer overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the gf_fwrite component in utils/os_file.c...

CVSS 8.8 · AI score 7 · EPSS 0.00898 · Exploits 1 · References 1
Positive Technologies · added 2024/03/09 12:00 a.m.

PT-2024-10208 · IBM · IBM Security ReaQta

Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12. Description: The issue is related to weaknesses in the authentication procedure of IBM Security ReaQta, which could allow a remote attacker to disclose protected information. Specifically, IBM Security ReaQta...

CVSS 5.3 · AI score 5 · EPSS 0.00308 · Exploits 0 · References 6
Prion · added 2024/03/08 12:15 a.m.

SQL injection

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to SQL injection. It is possible to initiate the...

CVSS 6.5 · AI score 7.8 · EPSS 0.00558 · Exploits 0 · References 3
OSV · added 2024/03/06 10:55 a.m.

BIT-DRUPAL-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)...

CVSS 6.1 · AI score 5.5 · EPSS 0.04327 · Exploits 0 · References 10
Tenable Nessus · added 2024/03/06 12:00 a.m.

Oracle Linux 9 : openssh (ELSA-2024-1130)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1130 advisory. - Fix Terrapin attack (CVE-2023-48795). Resolves: RHEL-19764. Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 6.5 · AI score 7.1 · EPSS 0.93305 · Exploits 11 · References 3
Positive Technologies · added 2024/03/04 12:00 a.m.

PT-2024-2136 · D-Link · D-Link GORTAC750 A1 FW v101b03

Name of the Vulnerable Software and Affected Versions: D-Link GORTAC750 A1 FW v101b03. Description: A cross-site scripting (XSS) vulnerability in components such as dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi, and seama.cgi allows remote attackers to inject arbitrary web script or HTML via the url...

CVSS 6.1 · AI score 6 · EPSS 0.00507 · Exploits 0 · References 6
Tenable Nessus · added 2024/02/29 12:00 a.m.

Ubuntu 20.04 LTS / 22.04 LTS : php-guzzlehttp-psr7 vulnerabilities (USN-6670-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6670-1 advisory. It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an...

CVSS 7.5 · AI score 7.5 · EPSS 0.02384 · Exploits 0 · References 3
Prion · added 2024/02/26 4:27 p.m.

SQL injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to SQL injection. The attack may be...

CVSS 6.5 · AI score 7.7 · EPSS 0.00628 · Exploits 0 · References 3
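The two Prion entries above (the /shop.php productname case and this /myprofile.php id case) both report SQL injection through an HTTP parameter spliced into a query string. The following is an added example, not code from either project: the vulnerable concatenation pattern beside the parameterized fix, in Python with sqlite3 standing in for the PHP/MySQL stack. The table, rows and column names are constructed for the demonstration; the payload is the page's own 1%20or%201=1, URL-decoded as the web server would deliver it to the script.

```python
import sqlite3
from urllib.parse import unquote

# Constructed sample data; the real application's schema is not on the page.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
    (3, "carol", "carol@example.test"),
]


def make_db():
    """In-memory table playing the role of the employee/profile table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def profile_vulnerable(conn, raw_id):
    """The listed bug class: the request parameter becomes part of the SQL text."""
    sql = "SELECT id, username, email FROM employee WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def profile_fixed(conn, raw_id):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    sql = "SELECT id, username, email FROM employee WHERE id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()


def profile_fixed_strict(conn, raw_id):
    """Defence in depth: enforce the expected type before the query runs."""
    try:
        id_value = int(raw_id)
    except ValueError:
        return []
    sql = "SELECT id, username, email FROM employee WHERE id = ?"
    return conn.execute(sql, (id_value,)).fetchall()


def demo(raw_param="1%20or%201=1"):
    """Row counts returned for the page's payload by each variant."""
    conn = make_db()
    payload = unquote(raw_param)  # "1 or 1=1" after URL decoding
    return {
        "vulnerable": len(profile_vulnerable(conn, payload)),  # every row leaks
        "fixed": len(profile_fixed(conn, payload)),            # no row matches
        "strict": len(profile_fixed_strict(conn, payload)),    # rejected before the query
        "benign": len(profile_fixed(conn, "2")),               # normal lookup still works
    }


if __name__ == "__main__":
    print(demo())
```

The `WHERE id = 1 or 1=1` text the concatenated version executes is true for every row, which is why the payload dumps the whole table; the bound version compares the integer column with the literal string "1 or 1=1" and matches nothing, and the strict version never reaches the database at all. The same fix applies to string-typed parameters such as productname: bind them, do not quote and splice them.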
Github Security Blog · added 2024/02/21 3:30 a.m.

Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

CVSS 9.6 · AI score 5.9 · EPSS 0.00555 · Exploits 0 · References 3 · Affected Software 2
OSV · added 2024/02/20 9:30 a.m.

GHSA-3MRR-CW9Q-727M Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page

Open redirect vulnerability in the adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter...

CVSS 6.1 · AI score 6.2 · EPSS 0.00385 · Exploits 0 · References 3
Cvelist · added 2024/02/20 9:26 a.m.

CVE-2024-25608

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows remote...

CVSS 6.1 · AI score 6.5 · EPSS 0.0096 · Exploits 0 · References 1
IBM Security Bulletins · added 2024/02/14 8:18 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale

Summary: There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An unspecified vulnerability in Java SE related to the...

CVSS 5.9 · AI score 6 · EPSS 0.014 · Exploits 0 · Affected Software 1
Positive Technologies · added 2024/02/13 12:00 a.m.

PT-2024-1868 · Microsoft · Dynamics 365

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: The issue is related to a lack of protection measures for the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker...

CVSS 7.6 · AI score 8.8 · EPSS 0.01158 · Exploits 0 · References 7
Tenable Nessus · added 2024/02/12 12:00 a.m.

Rocky Linux 8 : openssh (RLSA-2024:0606)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0606 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...

CVSS 6.5 · AI score 7.2 · EPSS 0.93305 · Exploits 11 · References 5
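Both OpenSSH entries above (ELSA-2024-1130 and RLSA-2024:0606) ship the fix for the Terrapin attack, CVE-2023-48795. The patched builds advertise the OpenSSH 9.6 "strict kex" extension in their KEXINIT, which is what a scanner looks for when deciding whether a host is still exposed. The code below is an added example, not from the advisories, Tenable or OpenSSH: it parses the server's KEXINIT, reports whether kex-strict-s-v00@openssh.com is offered, and lists the cipher/MAC offers the public Terrapin paper identifies as exploitable without it (ChaCha20-Poly1305, and CBC ciphers paired with Encrypt-then-MAC). The exposure criteria and the algorithm names are taken from the paper and the OpenSSH 9.6 release notes, which the listing itself does not reproduce; the KEXINIT packets in the test are constructed, and the optional live probe is never run offline.

```python
import socket
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # server-side strict-kex marker (OpenSSH 9.6)

# The ten name-lists of SSH_MSG_KEXINIT, in RFC 4253 order.
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
    "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c",
)


def _name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length, then comma-separated ASCII names."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    names = buf[off:off + n].decode("ascii")
    return [s for s in names.split(",") if s], off + n


def parse_kexinit(packet):
    """Parse an unencrypted SSH binary packet (RFC 4253 section 6) carrying KEXINIT."""
    (packet_len,) = struct.unpack_from(">I", packet, 0)
    padding_len = packet[4]
    payload = packet[5:4 + packet_len - padding_len]
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT packet")
    off = 1 + 16  # message number + 16-byte cookie
    fields = {}
    for name in KEXINIT_FIELDS:
        fields[name], off = _name_list(payload, off)
    return fields


def build_kexinit(**lists):
    """Construct a KEXINIT packet for testing; unspecified name-lists are left empty."""
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # fixed cookie: test data only
    for name in KEXINIT_FIELDS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(raw)) + raw
    payload += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    padding_len = 8 - ((5 + len(payload)) % 8)  # block-align, at least 4 bytes of padding
    if padding_len < 4:
        padding_len += 8
    header = struct.pack(">IB", 1 + len(payload) + padding_len, padding_len)
    return header + payload + bytes(padding_len)


def assess_terrapin(fields):
    """Classify the server's offer: exposed algorithms, strict-kex support, overall verdict."""
    strict = STRICT_KEX_SERVER in fields["kex_algorithms"]
    exposed = set()
    for enc, mac in (("encryption_s2c", "mac_s2c"), ("encryption_c2s", "mac_c2s")):
        etm_offered = any(m.endswith("-etm@openssh.com") for m in fields[mac])
        for cipher in fields[enc]:
            if cipher == "chacha20-poly1305@openssh.com":
                exposed.add(cipher)
            elif cipher.endswith("-cbc") and etm_offered:
                exposed.add(cipher + " with ETM MAC")
    return {
        "strict_kex": strict,
        "exposed_algorithms": sorted(exposed),
        "vulnerable": bool(exposed) and not strict,
    }


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-packet")
        buf += chunk
    return buf


def probe(host, port=22, timeout=5):
    """Fetch a live server's version string and first KEXINIT (network access; not run offline)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        line = b""
        while not line.startswith(b"SSH-"):  # skip any pre-banner lines the server prints
            line = b""
            while not line.endswith(b"\n"):
                line += _recv_exact(s, 1)
        s.sendall(b"SSH-2.0-terrapin-check\r\n")
        head = _recv_exact(s, 5)
        (packet_len,) = struct.unpack(">I", head[:4])
        body = _recv_exact(s, packet_len - 1)
        return line.decode(errors="replace").strip(), parse_kexinit(head + body)


if __name__ == "__main__":
    import sys
    banner, kexinit = probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    print(banner, assess_terrapin(kexinit))
```

The verdict only reflects the server's offer: a host that advertises strict kex is protected when the client supports the extension too, and a host that does not advertise it is only exploitable if one of the listed algorithms is actually negotiated. Confirming the installed package versions against the ELSA/RLSA advisories remains the authoritative check; this probe is a quick way to see whether the fix is active on the wire.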
Tenable Nessus · added 2024/01/25 12:00 a.m.

RHEL 9 : kernel (RHSA-2024:0448)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0448 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier prunin...

CVSS 10 · AI score 7.5 · EPSS 0.0616 · Exploits 3 · References 44
BDU FSTEC · added 2024/01/24 12:00 a.m.

A vulnerability in the Nginx UI web interface allows attackers to cause denial of service, escalate privileges, and disclose sensitive information.

The vulnerability in the Nginx UI web interface stems from insufficient sanitization of data handled by the management interface. Exploiting it can allow a remote attacker to cause denial of service, escalate privileges, and disclose sensitive information through a...

CVSS 9 · AI score 7.6 · EPSS 0.01537 · Exploits 1 · References 3 · Affected Software 1
Positive Technologies · added 2024/01/24 12:00 a.m.

PT-2024-10089 · Drupal · Drupal Swift Mailer

Name of the Vulnerable Software and Affected Versions: Drupal Swift Mailer versions . Description: The issue is related to an Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer, which allows Resource Location Spoofing. This can be exploited by a remote attacker to perform...

CVSS 9.1 · AI score 6.9 · EPSS 0.0036 · Exploits 0 · References 5
Schneier on Security · added 2024/01/23 12:09 p.m.

Side Channels Are Common

Really interesting research: "Lend Me Your Ear: Passive Remote Physical Side Channels on PCs." Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often...

AI score 7.1 · Exploits 0