Lucene search
K

26 matches found

Vulnrichment
Vulnrichment
added 2024/02/09 7:33 p.m.13 views

CVE-2024-1246 Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

2CVSS6AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.4 views

PT-2024-17603 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.2.4 Description: The issue is related to insufficient validation of administrator-provided data in the Image URL Import Feature, allowing a rogue administrator to inject malicious code when importing images...

4.8CVSS5AI score0.00453EPSS
Exploits0References10
OSV
OSV
added 2022/06/27 9:15 a.m.2 views

CVE-2022-1977

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks...

7.2CVSS5.7AI score0.0126EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2021/10/25 3:7 a.m.175 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 Confluence remote code execution RCE...

9.8CVSS7.7AI score0.99999EPSS
Exploits45
Prion
Prion
added 2021/10/05 2:15 p.m.12 views

Design/Logic Flaw

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

4CVSS4.6AI score0.00926EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2017/08/11 12:0 a.m.133 views

Remote Command Execution in git client (CVE-2017-12426)

Remote Command Execution in git client CVE-2017-12426 An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...

6.8CVSS9.2AI score0.0354EPSS
Exploits1
Rows per page
Query Builder