Lucene search
K

167 matches found

github
github
added 2023/12/01 12:31 a.m.56 views

Apache Tiles: Unvalidated input may lead to path traversal and XXE

The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...

7.5CVSS7.5AI score0.01345EPSS
Exploits0References3Affected Software3
osv
osv
added 2023/06/03 11:31 p.m.14 views

CVE-2023-3091 Captura CRYPTBASE.dll uncontrolled search path

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack i...

7CVSS6.1AI score0.00197EPSS
Exploits0References4
nessus
nessus
added 2023/05/24 12:0 a.m.30 views

PCI DSS Compliance : Security End of Life Software

According to its version, the following software is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. The PCI Data Security Standard requires...

5.5AI score
Exploits0
osv
osv
added 2023/04/10 6:30 p.m.13 views

GHSA-27PG-4CJ6-8994 yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

7.2CVSS6.5AI score0.01013EPSS
Exploits1References5
github
github
added 2023/04/10 6:30 p.m.37 views

yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

7.2CVSS6.9AI score0.01013EPSS
Exploits1References5Affected Software1
osv
osv
added 2023/04/10 6:30 p.m.18 views

GHSA-QR7H-8PV2-XVX2 yuan1994 tpAdmin vulnerable to Server-Side Request Forgery

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

4.9CVSS5.8AI score0.00636EPSS
Exploits1References5
osv
osv
added 2023/04/10 4:0 p.m.6 views

CVE-2023-1970 yuan1994 tpAdmin Upload.php Upload unrestricted upload

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

6.3CVSS5.7AI score0.01013EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2023/04/10 4:0 p.m.10 views

CVE-2023-1970 yuan1994 tpAdmin Upload.php Upload unrestricted upload

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

6.5CVSS7.2AI score0.01013EPSS
Exploits1References3
cve
cve
added 2023/03/30 9:10 a.m.67 views

CVE-2023-28935

CVE-2023-28935 affects Apache UIMA DUCC (Distributed UIMA Cluster Computing). The issue is an improper neutralization of special elements used in a command (command injection) that allows an authenticated user with permissions to modify core entities to cause command execution as the web process ...

8.8CVSS8.8AI score0.02957EPSS
Exploits0References1Affected Software1
github
github
added 2023/03/16 3:30 p.m.990 views

Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: The request package is no longer supported by the maintain...

6.1CVSS6.6AI score0.00719EPSS
Exploits1References12Affected Software2
cve
cve
added 2023/03/10 1:38 p.m.298 views

CVE-2023-26464

The CVE-2023-26464 issue affects Apache Log4j 1.x Chainsaw and SocketAppender when running on JRE

7.5CVSS8.2AI score0.01905EPSS
In wildExploits0References2Affected Software1
osv
osv
added 2023/02/21 6:15 p.m.12 views

CVE-2017-20178

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched...

7.5CVSS7.4AI score
Exploits0References5
nessus
nessus
added 2023/02/10 12:0 a.m.142 views

Apache Tomcat SEoL (10.0.x)

According to its version, Apache Tomcat is 10.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C...

5.5AI score
Exploits0References1
github
github
added 2023/01/05 9:30 a.m.23 views

django-ucamlookup Cross-site Scripting vulnerability

A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading ...

6.1CVSS1.8AI score0.00548EPSS
Exploits0References7Affected Software1
github
github
added 2023/01/01 6:30 p.m.22 views

SimpleSAMLphp simplesamlphp-module-openid

A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to...

6.1CVSS4.8AI score0.0064EPSS
Exploits0References6Affected Software1
github
github
added 2022/12/31 12:30 p.m.24 views

Yii2 FileAPI Widget vulnerable to Cross-site Scripting

A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched...

6.1CVSS6AI score0.00544EPSS
Exploits0References6Affected Software1
osv
osv
added 2022/12/28 9:15 a.m.11 views

CVE-2021-4293

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menulistupdate.php. The manipulation of the argument melink leads to cross site scripting. It is possible to launch the attack...

6.1CVSS6.2AI score0.00505EPSS
Exploits0References4
osv
osv
added 2022/12/27 11:5 p.m.18 views

CVE-2022-4773 cloudsync LocalFilesystemConnector.java getItem path traversal

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the...

2.5CVSS4.9AI score0.00363EPSS
Exploits1References5
osv
osv
added 2022/12/22 12:30 p.m.22 views

GHSA-CJCC-46J8-XMR8 destiny.gg chat vulnerable to cross-site request forgery

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References5
osv
osv
added 2022/12/22 10:15 a.m.19 views

CVE-2020-36625

A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is...

8.8CVSS8.8AI score
Exploits0References3
Rows per page
Query Builder