
5655 matches found

Vulnrichment
added 2024/01/23 9:38 a.m. · 3 views

CVE-2024-23181

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated...

6.6 AI score · 0.00411 EPSS
Exploits 0 · References 2
Cvelist
added 2024/01/23 12:0 a.m. · 13 views

CVE-2021-42142

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops...

9.3 AI score · 0.00989 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/01/17 4:6 p.m. · 7 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4 CVSS · 7.3 AI score · 0.00911 EPSS
Exploits 0 · References 5
Cvelist
added 2024/01/13 12:0 a.m. · 20 views

CVE-2023-46942

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

7.7 AI score · 0.00732 EPSS
Exploits 0 · References 3
NVD
added 2024/01/12 3:15 a.m. · 14 views

CVE-2022-4960

A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has...

5.4 CVSS · 4.2 AI score · 0.00502 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2024/01/12 12:0 a.m. · 4 views

The vulnerability of the WSO2 platform for integrating application programming interfaces, applications, and web services stems from incorrect restrictions on XML links to external objects. This allows attackers to carry out XXE attacks.

The vulnerability of the WSO2 platform for integrating application programming interfaces, applications, and web services is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

7.8 CVSS · 7.2 AI score · 0.00482 EPSS
Exploits 0 · References 2 · Affected Software 7
Vulnrichment
added 2024/01/11 5:0 p.m. · 3 views

CVE-2024-0414 DeShang DSCMS install.php access control

A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

5.3 CVSS · 9.7 AI score · 0.00809 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/01/08 3:31 a.m. · 3 views

CVE-2024-0295 Totolink LR1200GB cstecgi.cgi setWanCfg os command injection

A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. Th...

7.5 CVSS · 8.9 AI score · 0.03834 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/01/08 2:31 a.m. · 7 views

CVE-2024-0293 Totolink LR1200GB cstecgi.cgi setUploadSetting os command injection

A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotel...

6.5 CVSS · 9.9 AI score · 0.04831 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/01/08 12:0 a.m. · 6 views

PT-2024-15454 · Youke365 · Youke365

Name of the Vulnerable Software and Affected Versions: Youke365 versions up to 1.5.3 Description: A critical issue was found in the Parameter Handler component, specifically in the file /app/api/controller/caiji.php. The manipulation of the url argument leads to server-side request forgery,...

9.8 CVSS · 6.5 AI score · 0.005 EPSS
Exploits 0 · References 8
Positive Technologies
added 2024/01/01 12:0 a.m. · 6 views

PT-2024-12375 · Qualcomm · Qualcomm Data Modem

Name of the Vulnerable Software and Affected Versions: Qualcomm Data Modem affected versions not specified Description: The issue involves memory corruption in the Data Modem when a non-standard SDP body is received during a VOLTE call. This can potentially lead to remote attacks when receiving...

9.8 CVSS · 7.2 AI score · 0.00388 EPSS
Exploits 0 · References 9
NVD
added 2023/12/26 3:15 p.m. · 18 views

CVE-2014-125109

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...

6.1 CVSS · 0.00401 EPSS
Exploits 0 · References 3
NVD
added 2023/12/21 3:15 p.m. · 27 views

CVE-2023-7035

A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...

5.4 CVSS · 0.0061 EPSS
Exploits 1 · References 6
OSV
added 2023/12/21 11:15 a.m. · 12 views

CVE-2023-50473

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file...

5.4 CVSS · 5.6 AI score · 0.00387 EPSS
Exploits 0 · References 2
Github Security Blog
added 2023/12/19 3:30 a.m. · 22 views

Corveda PHPSandbox Protection Mechanism Failure vulnerability

A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able t...

5.3 CVSS · 6.9 AI score · 0.00734 EPSS
Exploits 0 · References 6 · Affected Software 1
OpenVAS
added 2023/12/12 12:0 a.m. · 21 views

Ubuntu: Security Advisory (USN-6546-1)

The remote host is missing an update for the...

8.8 CVSS · 8.8 AI score · 0.01017 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2023/12/06 12:0 a.m. · 5 views

The vulnerability of the monitoring and security management tool Trend Micro Apex Central lies in the lack of protective measures for the website structure. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the monitoring and security management tool Trend Micro Apex Central exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks remotely...

4.1 CVSS · 6 AI score · 0.00332 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/11/30 9:0 p.m. · 14 views

CVE-2023-6442 PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php cross site scripting

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The...

4 CVSS · 6.2 AI score · 0.00611 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2023/11/23 12:0 a.m. · 3 views

The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server lies in the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.

The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server relates to the lack of protective measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorize...

7.8 CVSS · 7.3 AI score · 0.01341 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2023/11/22 12:0 a.m. · 7 views

The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the lack of protective measures for the website structure, allowing attackers to perform cross-site scripting attacks.

The vulnerability of the Microsoft Dynamics 365 resource planning software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

7.6 CVSS · 6.3 AI score · 0.00938 EPSS
Exploits 0 · References 3 · Affected Software 1