5655 matches found

Vulnrichment
added 2022/06/21 6:5 a.m. | 9 views

CVE-2017-20067 Hindu Matrimonial Script sql injection

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched...

7.3 CVSS | 7.6 AI score | 0.01076 EPSS
Exploits 1 | References 2

CNNVD
added 2022/06/17 12:0 a.m. | 5 views

BitTorrent uTorrent Authorization Issue Vulnerability

BitTorrent uTorrent is a set of BitTorrent client software written in C++ by BitTorrent Inc. in the United States. A security vulnerability exists in BitTorrent uTorrent, which originates from a weak authentication vulnerability due to operation with unknown input, which can be exploited by...

8.8 CVSS | 8 AI score | 0.01076 EPSS
Exploits 1 | References 4

Vulnrichment
added 2022/06/15 1:10 p.m. | 2 views

CVE-2022-2087 SourceCodester Bank Management System cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input alert1 leads to cross site scripting. It is possible to initiate the attack remotely. The...

3.5 CVSS | 5.1 AI score | 0.00551 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2022/06/10 8:0 p.m. | 2 views

CVE-2022-25845

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

9.8 CVSS | 7.3 AI score | 0.17767 EPSS
Exploits 5 | References 8

Prion
added 2022/06/09 11:15 p.m. | 15 views

Cross site scripting

A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting DOM. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to...

4.3 CVSS | 6 AI score | 0.00606 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2022/06/09 4:15 p.m. | 22 views

Authorization

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be...

4.3 CVSS | 7.6 AI score | 0.00732 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2022/06/07 11:5 a.m. | 3 views

CVE-2022-2018 SourceCodester Prison Management System Inmate sql injection

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/viewinmate of the component Inmate Handler. The manipulation of the argument id with the input...

4.7 CVSS | 7.5 AI score | 0.0075 EPSS
Exploits 0 | References 2

Vulnrichment
added 2022/06/03 7:10 p.m. | 3 views

CVE-2020-36536 Brandbugle main.php sql injection

A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely...

6.3 CVSS | 9 AI score | 0.00611 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2022/06/03 12:0 a.m. | 5 views

The vulnerability of the ZoneMinder video surveillance software lies in its lack of measures to protect website structures, allowing attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the ZoneMinder video surveillance software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

4.9 CVSS | 5.2 AI score
Exploits 0 | References 1 | Affected Software 1

Ubuntu
added 2022/06/01 11:24 a.m. | 69 views

USN-5457-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8 CVSS | 7.9 AI score | 0.01424 EPSS
Exploits 0

The Hacker News
added 2022/05/28 8:37 a.m. | 51 views

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as...

0.5 AI score
Exploits 0

Microsoft Malware Protection
added 2022/05/27 4:0 p.m. | 39 views

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

7.2 AI score
Exploits 0

Microsoft Secure
added 2022/05/27 4:0 p.m. | 29 views

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

7.2 AI score
Exploits 0

The Hacker News
added 2022/05/27 12:15 p.m. | 27 views

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from...

Exploits 0

CISA KEV Catalog
added 2022/05/25 12:0 a.m. | 19 views

Oracle JRE Unspecified Vulnerability

Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity...

4.3 CVSS | 6 AI score | 0.85333 EPSS
In wild | Exploits 6

OSV
added 2022/05/24 10:6 p.m. | 34 views

GO-2022-0166 Denial of service due to unchecked parameters in crypto/dsa

The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go...

7.5 CVSS | 7.4 AI score | 0.04335 EPSS
Exploits 0 | References 4

Github Security Blog
added 2022/05/24 7:9 p.m. | 9 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

6.1 CVSS | 5.8 AI score | 0.00845 EPSS
Exploits 0 | References 4 | Affected Software 2

OSV
added 2022/05/24 7:2 p.m. | 6 views

GHSA-QCV4-GV43-498V Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1 CVSS | 5.8 AI score | 0.00796 EPSS
Exploits 0 | References 4

Github Security Blog
added 2022/05/24 7:2 p.m. | 8 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1 CVSS | 5.8 AI score | 0.00796 EPSS
Exploits 0 | References 4 | Affected Software 2

OSV
added 2022/05/24 7:2 p.m. | 3 views

GHSA-87X7-PWRX-JCH7 Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages

The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused...

5.3 CVSS | 7.2 AI score | 0.01112 EPSS
Exploits 0 | References 5