5655 matches found

Ubuntu
added 2023/05/16 7:45 a.m. · 42 views

USN-6076-1: Synapse vulnerabilities

It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657) It was...

CVSS 9.8 · AI score 7.4 · EPSS 0.02418
Exploits: 0

Tenable Nessus
added 2023/05/16 12:00 a.m. · 33 views

CentOS 8 : git (CESA-2023:2859)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2859 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untruste...

CVSS 8.8 · AI score 7.6 · EPSS 0.02938
Exploits: 1 · References: 5

The Hacker News
added 2023/05/12 2:16 p.m. · 54 views

Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to...

AI score 9 · EPSS 0.01371
Exploits: 0

Snyk
added 2023/05/05 2:19 a.m. · 2 views

Improperly Controlled Sequential Memory Allocation

Overview: Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation due to allowing remote attackers to send malicious requests that consume all memory available to the server. Remediation: Upgrade OPCFoundation.NetStandard.Opc.Ua.Server to version...

CVSS 7.5 · AI score 7.1 · EPSS 0.0106
Exploits: 1 · References: 2

BDU FSTEC
added 2023/05/03 12:00 a.m. · 3 views

A vulnerability in the IEEE 802.11 protocol makes it possible to intercept the data transmitted by devices and replace the MAC addresses of targets, allowing attackers to perform spoofing attacks.

The vulnerability of the IEEE 802.11 protocol lies in the ability to intercept the frames transmitted by the device and to replace the MAC address of the target device. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...

CVSS 8.3 · AI score 7 · EPSS 0.0113
Exploits: 1 · References: 4 · Affected Software: 1

OpenVAS
added 2023/04/27 12:00 a.m. · 14 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-1650)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 7.2 · EPSS 0.01196
Exploits: 11 · References: 2

OSV
added 2023/04/25 7:15 p.m. · 8 views

CVE-2021-26947

Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link...

CVSS 6.1 · AI score 7.4
Exploits: 0 · References: 2

UbuntuCve
added 2023/04/25 7:15 p.m. · 39 views

CVE-2021-26947

Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link...

CVSS 6.5 · AI score 6.9 · EPSS 0.0141
Exploits: 0 · References: 2

Prion
added 2023/04/25 1:15 p.m. · 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php...

CVSS 4.9 · AI score 5.3 · EPSS 0.0142
Exploits: 1 · References: 2 · Affected Software: 1

OpenVAS
added 2023/04/21 12:00 a.m. · 21 views

Mailman < 3.3.5 REST API Vulnerability

Mailman is prone to a vulnerability in the REST API...

CVSS 6.3 · AI score 6.1 · EPSS 0.00299
Exploits: 0 · References: 1

Tenable Nessus
added 2023/04/20 12:00 a.m. · 38 views

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

CVSS 7.5 · AI score 6.8 · EPSS 0.10448
Exploits: 0 · References: 5

NVD
added 2023/04/15 11:15 a.m. · 20 views

CVE-2023-2094

A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/managemechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

CVSS 9.8 · AI score 7.4 · EPSS 0.00802
Exploits: 1 · References: 3

Cvelist
added 2023/04/14 10:00 a.m. · 22 views

CVE-2023-2044 Control iD iDSecure Dispositivos Page cross site scripting

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the...

CVSS 4 · AI score 6.3 · EPSS 0.00357
Exploits: 0 · References: 2

IBM Security Bulletins
added 2023/04/13 10:18 a.m. · 57 views

Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]

Summary: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system (CVE-2013-4521). IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization (CVE-2013-2165). IBM Security Verify Governance ...

CVSS 9.8 · AI score 9.9 · EPSS 0.74171
Exploits: 7 · Affected Software: 1

BDU FSTEC
added 2023/04/12 12:00 a.m. · 7 views

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server lies in the improper limitation of XML references to external objects, which allows attackers to perform XXE attacks.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server’s server relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

CVSS 7.5 · AI score 6.8 · EPSS 0.0053
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/04/11 12:00 a.m. · 3 views

PT-2023-2399 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows Internet Key Exchange (IKE) Protocol Extensions (affected versions not specified). Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Internet Key Exchange (IKE) protocol ...

CVSS 7.5 · AI score 9.5 · EPSS 0.00877
Exploits: 0 · References: 7

Prion
added 2023/04/10 4:15 p.m. · 20 views

Out-of-bounds

UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

CVSS 6.5 · AI score 7 · EPSS 0.01013
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/04/07 5:31 p.m. · 6 views

CVE-2023-1941 SourceCodester Simple and Beautiful Shopping Cart System login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiat...

CVSS 7.5 · AI score 7.4 · EPSS 0.00819
Exploits: 1 · References: 3

Prion
added 2023/04/07 9:15 a.m. · 22 views

Cross site request forgery (csrf)

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attac...

CVSS 5 · AI score 4.8 · EPSS 0.0033
Exploits: 1 · References: 3

Prion
added 2023/04/05 7:15 p.m. · 30 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...

CVSS 5.8 · AI score 6 · EPSS 0.00433
Exploits: 0 · References: 1