Lucene search
K

83 matches found

CNNVD
CNNVD
added 2023/01/09 12:0 a.m.15 views

Linksys WUMC710 操作系统命令注入漏洞

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

7.2CVSS8.2AI score0.01682EPSS
Exploits1References4
OSV
OSV
added 2022/12/12 9:15 p.m.7 views

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

6.1CVSS5.9AI score0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/08 12:0 a.m.4 views

PT-2022-22812

Name of the Vulnerable Software and Affected Versions rpc.py versions through 0.6.0 Description The issue allows Remote Code Execution because an unpickle occurs when the serializer: pickle HTTP header is sent. Although JSON is the default data format, an unauthenticated client can cause the data...

9.8CVSS7.4AI score0.45862EPSS
Exploits7References17
OSV
OSV
added 2022/02/14 12:15 p.m.4 views

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...

7.5CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/02/09 12:0 a.m.5 views

PT-2022-16145 · Blitz.Js +1 · Blitz.Js +1

Name of the Vulnerable Software and Affected Versions: superjson versions prior to 1.8.1 Blitz.js versions prior to 0.45.3 Description: The issue allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the serv...

9.8CVSS9.7AI score0.02351EPSS
Exploits1References11
CVE
CVE
added 2022/01/21 6:17 p.m.60 views

CVE-2021-43355

The CVE-2021-43355 entry concerns Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) v2.0.1.3, where client-side input validation is performed without server-side authentication, allowing a user to bypass checks and login with service privileges. The root cause is misuse of client-side ...

9.8CVSS8.6AI score0.00978EPSS
Exploits0References1Affected Software4
OSV
OSV
added 2021/09/28 6:15 p.m.5 views

CVE-2021-41318

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...

6.1CVSS6.1AI score0.05881EPSS
Exploits4References2
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.5 views

WordPress 插件 代码问题漏洞

WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in JoomSport for WordPress that stems from joomsport versions prior to 5.1.8 that register unauthenticated and unauthenticated users with unserialized user inputs from the shattr POST parameter,...

9.8CVSS8.5AI score0.02068EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.10 views

WordPress Related Posts 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Related Posts is a plugin for adding related content to WordPress. A cross-site scripting vulnerability exists in the Related...

5.4CVSS5.4AI score0.00632EPSS
Exploits2References2
CNVD
CNVD
added 2021/03/19 12:0 a.m.8 views

Wordpress Blog2Social SQL Injection Vulnerability

Wordpress Blog2Social is an application plugin for Wordpress. Provides an automatic posting and updating feature. A SQL injection vulnerability exists in WordPress Blog2Social plugin versions prior to 6.3.1, which stems from the fact that unauthenticated input can lead to SQL injection in the...

8.8CVSS7.6AI score0.01505EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.7 views

Wordpress WP Shieldon 跨站脚本漏洞

Wordpress WP Shieldon is Wordpress open source an application plugin . Provides a WordPress security plugin based on the Shieldon library, which is a web application firewall for PHP. A cross-site scripting vulnerability exists in WordPress WP Shieldon plugin 1.6.3, which stems from unauthenticat...

6.1CVSS6AI score0.01148EPSS
Exploits2References2
OSV
OSV
added 2021/02/09 5:15 a.m.5 views

CVE-2020-13408

Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...

5.9CVSS6.2AI score0.00439EPSS
Exploits0References1
OSV
OSV
added 2019/05/24 5:29 p.m.4 views

CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...

6.1CVSS6.7AI score0.01778EPSS
Exploits3References3
OSV
OSV
added 2019/02/05 6:29 p.m.6 views

CVE-2018-18996

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server...

9.8CVSS6.1AI score0.02462EPSS
Exploits0References2
CNVD
CNVD
added 2019/01/18 12:0 a.m.4 views

Unspecified vulnerability in LCDS LAquis SCADA (CNVD-2019-28111)

LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3870, whi...

9.8CVSS7.3AI score0.02462EPSS
Exploits0References1
NVD
NVD
added 2018/10/24 9:29 p.m.17 views

CVE-2018-18013

Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...

7.8CVSS8AI score0.02919EPSS
Exploits1References1
OSV
OSV
added 2018/10/24 9:29 p.m.6 views

CVE-2018-18013

Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...

7.8CVSS6.4AI score0.02919EPSS
Exploits1References1
CVE
CVE
added 2018/10/24 9:0 p.m.52 views

CVE-2018-18013

Xen Mobile prior to 10.8.0 contains a service listening on port 5001 that accepts unauthenticated input; deserializing raw Java objects in memory can lead to remote code execution. The vendor disputes the vulnerability, stating it is mitigated by an internal firewall limiting access to localhost....

7.8CVSS8AI score0.02919EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2018/10/24 12:0 a.m.5 views

PT-2018-14320 · Citrix · Xen Mobile

Name of the Vulnerable Software and Affected Versions: Xen Mobile versions prior to 10.8.0 Description: The issue arises from a service listening on port 5001 within the firewall of Xen Mobile, which accepts unauthenticated input. This service deserializes raw serialized Java objects into Java...

7.8CVSS8AI score0.02919EPSS
Exploits1References3
CNVD
CNVD
added 2018/07/03 12:0 a.m.2 views

Cisco Unified Computing System Local Command Injection Vulnerability (CNVD-2018-13560)

Cisco Unified Computing System UCS Software is a set of unified computing system of the United States Cisco Cisco. The system through the extensive use of virtualization technology will be integrated into a platform of network, computing and virtualization resources. A local command injection...

8AI score
Exploits0References1
Rows per page
Query Builder