Lucene search
K

306 matches found

CNNVD
CNNVD
added 2025/07/21 12:0 a.m.4 views

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

7.8CVSS7.6AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.11 views

GStreamer 安全漏洞

GStreamer is a GStreamer open source set of frameworks for processing streaming media. A security vulnerability exists in GStreamer that stems from parsing H266 sei messages without properly validating the length of user-supplied data, which could lead to remote code execution...

7.8CVSS7.8AI score0.00325EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/12 9:19 a.m.5 views

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

5.4CVSS5.2AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 9:19 a.m.5 views

CVE-2025-3905

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

5.4CVSS5.2AI score0.00252EPSS
Exploits0References1
CVE
CVE
added 2025/06/10 8:25 a.m.51 views

CVE-2025-3899

CVE-2025-3899 impacts Schneider Electric Modicon Controllers’ web interface (Certificates page). The issue is a Cross-Site Scripting (CWE-79) vulnerability caused by improper input neutralization during web page generation, allowing an authenticated malicious user to inject unvalidated data that ...

5.4CVSS7AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/10 8:25 a.m.2 views

CVE-2025-3899

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

5.4CVSS6.6AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.8 views

PT-2025-24629 · Unknown · Vwebserver

Name of the Vulnerable Software and Affected Versions: Webserver affected versions not specified Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This could allow an authenticated malicious user to inject...

5.4CVSS5.8AI score0.0014EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.3 views

Sonos Era 300 缓冲区错误漏洞

Sonos Era 300 is a spatial audio speaker with Dolby Atmos Dolby Atmos from Sonos USA. The Sonos Era 300 suffers from a buffer error vulnerability that stems from unvalidated user data during HLS playlist data processing, which could lead to out-of-bounds writes and remote code execution...

8.8CVSS9AI score0.00352EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.5 views

GIMP 缓冲区错误漏洞

GIMP is an open source bitmap image editor from the GIMP team. GIMP suffers from a buffer error vulnerability that stems from unvalidated user data during FLI file parsing, which could lead to out-of-bounds writes and remote code execution...

7.8CVSS8.3AI score0.01432EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 a.m.23 views

CVE-2025-1440

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...

5.3CVSS0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

WordPress plugin Advanced iFrame 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

5.3CVSS8.5AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/06 5:8 a.m.11 views

CVE-2025-22623 Ad Inserter - Reflected cross-site scripting (XSS)

Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...

5.1CVSS7.1AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/06 5:8 a.m.30 views

CVE-2025-22623 Ad Inserter - Reflected cross-site scripting (XSS)

Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...

5.1CVSS0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/27 6:26 p.m.33 views

CVE-2025-22624 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php...

5.1CVSS0.00384EPSS
Exploits0References2
OSV
OSV
added 2025/01/06 5:15 p.m.0 views

DEBIAN-CVE-2023-6604

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...

5.3CVSS6AI score0.0043EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.3 views

PT-2024-17646 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this...

7.8CVSS7.1AI score0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.6 views

PT-2024-17110 · Luxion · Luxion Keyshot

Name of the Vulnerable Software and Affected Versions: Luxion KeyShot affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this issue, where the target must...

7.8CVSS7.2AI score0.00357EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2024/10/31 12:0 a.m.8 views

Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.8AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.6 views

PT-2024-39798 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or...

7.8CVSS7.3AI score0.00275EPSS
Exploits0References3
OSV
OSV
added 2024/07/10 5:15 a.m.6 views

CVE-2024-6411

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pmuploadimage' AJAX action. This makes it possible for authenticated...

8.8CVSS5.8AI score0.00768EPSS
Exploits0References6
Rows per page
Query Builder