5655 matches found

The Hacker News
added 2023/01/09 10:30 a.m. · 61 views

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infinit...

0.9 AI score
Exploits: 0

OSV
added 2023/01/07 8:15 p.m. · 13 views

CVE-2021-4307

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be launche...

9.8 CVSS · 9.6 AI score
Exploits: 0 · References: 5

NVD
added 2023/01/07 10:15 a.m. · 24 views

CVE-2014-125057

A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument token leads to incorrect comparison. It is possible to initiate the attack...

9.8 CVSS · 5.5 AI score · 0.00805 EPSS
Exploits: 0 · References: 3

NVD
added 2023/01/07 9:15 a.m. · 25 views

CVE-2014-125054

A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as...

4.3 CVSS · 4.8 AI score · 0.0056 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2023/01/05 9:7 a.m. · 7 views

CVE-2023-0077

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors...

6.5 CVSS · 9.5 AI score · 0.00947 EPSS
Exploits: 0 · References: 1

OSV
added 2023/01/04 10:15 p.m. · 11 views

CVE-2021-4300

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched...

9.8 CVSS · 7 AI score
Exploits: 0 · References: 4

Prion
added 2023/01/03 12:15 p.m. · 25 views

Sql injection

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...

5.8 CVSS · 7.4 AI score · 0.00651 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OpenVAS
added 2023/01/03 12:0 a.m. · 24 views

ISC BIND DoS Vulnerability (CVE-2011-4313) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

5 CVSS · 6.5 AI score · 0.16747 EPSS
Exploits: 0 · References: 1

Prion
added 2022/12/27 1:15 p.m. · 18 views

Cross site scripting

A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated...

5.8 CVSS · 6.1 AI score · 0.00904 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2022/12/25 8:15 p.m. · 18 views

CVE-2022-4741

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is...

6.5 CVSS · 0.00763 EPSS
Exploits: 0 · References: 5

Github Security Blog
added 2022/12/22 12:30 p.m. · 18 views

text_helpers uses web link to untrusted target with window.opener access

A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely...

6.3 CVSS · 6.4 AI score · 0.00573 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2022/12/21 7:15 p.m. · 16 views

CVE-2022-4633

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched...

8.8 CVSS · 6.8 AI score
Exploits: 0 · References: 3

NVD
added 2022/12/19 3:15 p.m. · 18 views

CVE-2022-4613

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated...

6.5 CVSS · 0.00726 EPSS
Exploits: 1 · References: 3

OSV
added 2022/12/18 8:15 a.m. · 18 views

CVE-2022-4592

A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is...

9.8 CVSS · 7.5 AI score
Exploits: 0 · References: 2

Vulnrichment
added 2022/12/17 3:24 a.m. · 4 views

CVE-2022-44750 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described i...

9.8 CVSS · 9.7 AI score · 0.00646 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/12/17 12:0 a.m. · 6 views

CVE-2022-4582 starter-public-edition-4 cross site scripting

A vulnerability was found in starter-public-edition-4 up to 4.6.10. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.6.11 is able to address this issue. The...

3.5 CVSS · 6.3 AI score · 0.00502 EPSS
Exploits: 0 · References: 3

NVD
added 2022/12/14 3:15 p.m. · 30 views

CVE-2022-31358

A reflected cross-site scripting XSS vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/...

9 CVSS · 0.01273 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2022/12/09 12:0 a.m. · 6 views

PT-2022-27022 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS versions up to 5.2.9 Description: A critical issue has been found, affecting an unknown function of the file /cms/category/list. The manipulation of the sqlWhere argument leads to sql injection, allowing for remote attacks...

9.8 CVSS · 9.5 AI score · 0.0289 EPSS
Exploits: 1 · References: 7

Vulnrichment
added 2022/12/06 12:0 a.m. · 5 views

CVE-2022-4300 FastCMS Template edit injection

A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and...

6.3 CVSS · 7.6 AI score · 0.00793 EPSS
Exploits: 1 · References: 2

The Hacker News
added 2022/12/05 11:8 a.m. · 101 views

SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manne...

0.9 AI score
Exploits: 0