Lucene search
K

183 matches found

CNNVD
CNNVD
added 2025/01/31 12:0 a.m.3 views

Silicon Gecko OS 安全漏洞

Silicon Gecko OS is a highly optimized but feature-rich IoT operating system from Silicon, Inc. A security vulnerability exists in Silicon Gecko OS that stems from a missing HTTP GET request data length validation...

8.8CVSS6.6AI score0.00522EPSS
Exploits0References3
Snyk
Snyk
added 2025/01/27 10:0 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS at the /admin/compass endpoint, which passes data from GET requests to the index function. This function can return unsanitized text in error message popups when it receives a file deletion request. As a result,...

6.1CVSS5.3AI score0.24095EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.5 views

WordPress plugin AI Scribe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.7 views

PT-2025-1911 · WordPress · The Ai Scribe

Name of the Vulnerable Software and Affected Versions: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT GPT-4o 128K plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to unauthorize...

4.3CVSS7AI score0.00293EPSS
Exploits0References7
OSV
OSV
added 2024/11/26 8:15 p.m.4 views

UBUNTU-CVE-2024-10240

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project,...

5.3CVSS5.7AI score0.00543EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.3 views

PT-2024-8870 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.3 through 17.3.7 GitLab EE versions 17.4 through 17.4.4 GitLab EE versions 17.5 through 17.5.2 GitLab CE versions 17.3 through 17.3.7 GitLab CE versions 17.4 through 17.4.4 GitLab CE versions 17.5 through 17.5.2...

5.3CVSS5.7AI score0.00543EPSS
Exploits0References13
Broadcom
Broadcom
added 2024/11/02 12:0 a.m.10 views

Apache Tomcat - information disclosure (CVE-2023-42795 )

When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next...

5.3CVSS6.7AI score0.0216EPSS
Exploits1
OSV
OSV
added 2024/10/28 10:15 p.m.3 views

CVE-2024-30106

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

4.3CVSS5.8AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/10/28 10:15 p.m.26 views

CVE-2024-30106

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

4.3CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/28 9:35 p.m.10 views

CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

3.5CVSS6.1AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/28 9:35 p.m.19 views

CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

3.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/10/09 8:15 p.m.21 views

CVE-2024-30118

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data...

5.7CVSS0.00287EPSS
Exploits0References1
OSV
OSV
added 2024/10/09 8:15 p.m.5 views

CVE-2024-30118

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data...

5.7CVSS5.8AI score0.00287EPSS
Exploits0References1
OSV
OSV
added 2024/09/25 4:44 p.m.12 views

MAL-2024-12269 Malicious code in faest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f66b290465d72fc55bce4fef4200ebea68c430be84cdcbbabec5263958041781 When using this library to do any request, a "validateorigin" function is called L1320 in client.py. This method, located in utils.py, collects all request dat...

6.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.6 views

Invision Community Security Breach

Invision Community is a software for designing and developing mobile application UI from Invision USA. A security vulnerability exists in Invision Community versions prior to 4.7.16 that stems from the application failing to properly clean up request parameters, which can be exploited by an...

9.8CVSS7.9AI score0.08676EPSS
Exploits3References3
GithubExploit
GithubExploit
added 2024/06/02 5:24 a.m.55 views

awesome-web-pocs

Awesome Web PoCs !arXivhttps://img.shields.io/badge/arXiv-...

7.2AI score
Exploits0
NVD
NVD
added 2024/05/31 6:15 p.m.25 views

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

2CVSS3.8AI score0.00575EPSS
Exploits0References7
OSV
OSV
added 2024/05/23 7:50 p.m.15 views

GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...

6.1CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2024/05/01 6:15 a.m.2 views

DEBIAN-CVE-2024-26995

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...

7.8CVSS6AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 11:15 p.m.5 views

CVE-2023-42954

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests...

4.9CVSS5.7AI score0.00447EPSS
Exploits0References1
Rows per page
Query Builder