Lucene search
224 matches found

CNNVD
added 2024/09/16 12:00 a.m.

Intumit SmartRobot cross-site scripting vulnerability

Intumit SmartRobot is a web development framework from Intumit, Inc. A cross-site scripting vulnerability exists in Intumit SmartRobot versions prior to v7.1.0 that stems from failure to properly validate a specific page parameter, which could allow an unauthenticated remote attacker to inject...

CVSS 6.1 | AI score 6.2 | EPSS 0.00288
Exploits: 0 | References: 3
OSV
added 2024/08/30 6:15 a.m.

CVE-2024-3673

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues...

CVSS 9.1 | AI score 5.8 | EPSS 0.05578
Exploits: 2 | References: 1
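The CVE-2024-3673 entry above describes the classic "parameter used in an include" bug. The following is an added Python illustration, not the plugin's code: it builds a constructed site layout in a temporary directory, shows the unvalidated lookup reading a file outside the template directory via `../`, and then the hardened lookup with two independent checks (a name allowlist and a resolved-path containment test). The directory names, template names and the `wp-config.php` contents are all constructed for the demo.

```python
import tempfile
from pathlib import Path

ALLOWED_TEMPLATES = {"list", "grid"}   # constructed allowlist of template names


def setup_site():
    """Create a constructed site layout: a templates directory plus a file
    that must never be served. Returns the site root as a Path."""
    root = Path(tempfile.mkdtemp())
    (root / "templates").mkdir()
    (root / "templates" / "list.php").write_text("<?php /* list template */ ?>")
    (root / "templates" / "grid.php").write_text("<?php /* grid template */ ?>")
    (root / "wp-config.php").write_text("DB_PASSWORD = 'constructed-secret'")
    return root


def include_vulnerable(root, template):
    """Mirrors include(TEMPLATE_DIR . '/' . $_GET['template']) with no
    validation: anything the web server user can read is reachable via '../'."""
    return (Path(root) / "templates" / template).read_text()


def include_hardened(root, template):
    """Two independent checks: the parameter must name a known template, and
    the fully resolved path must still lie inside the templates directory."""
    if template not in ALLOWED_TEMPLATES:
        raise ValueError(f"unknown template {template!r}")
    base = (Path(root) / "templates").resolve()
    target = (base / f"{template}.php").resolve()
    if base not in target.parents:          # containment check after resolve()
        raise ValueError("resolved path escapes the template directory")
    return target.read_text()


if __name__ == "__main__":
    site = setup_site()
    print("vulnerable:", include_vulnerable(site, "../wp-config.php"))
    print("hardened  :", include_hardened(site, "list"))
```

The allowlist alone is enough for this pattern; the containment check is kept as defence in depth for code paths where the template name has to be built from several inputs.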
RedHat Linux
added 2024/08/20 8:33 p.m.

python-pillow: buffer overflow in _imagingcms.c

A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow and resulting in a denial of service...

CVSS 6.7 | AI score 7.5 | EPSS 0.00989
Exploits: 0 | References: 4
Veracode
added 2024/08/19 7:07 a.m.

SQL Injection

github.com/stashapp/stash is vulnerable to SQL Injection. The vulnerability is caused by not validating the value of the sort parameter before it is used to build the SQL query. This can allow an attacker to retrieve data from the database or change values in database tables...

CVSS 6.3 | AI score 7.2 | EPSS 0.01179
Exploits: 0 | References: 6 | Affected software: 1
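Sort parameters are a recurring injection point because `ORDER BY` cannot take a bound placeholder, so developers interpolate the column name. The block below is an added Python illustration of the pattern in the stash entry above, not stash's own code or schema: a constructed SQLite database, the vulnerable query, a boolean-based blind extraction that reads a password hash one character at a time purely by observing row order, and the hardened version that maps the parameter through an allowlist before any SQL is built.

```python
import sqlite3
import string


def make_db():
    """Constructed schema and rows for the demo (not stash's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE scenes (id INTEGER PRIMARY KEY, title TEXT, rating INTEGER);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
        INSERT INTO scenes VALUES (1, 'alpha', 3), (2, 'beta', 5), (3, 'gamma', 1);
        INSERT INTO users  VALUES (1, 'admin', '$2b$12$constructed.hash.value');
    """)
    return conn


def list_scenes_vulnerable(conn, sort):
    """The sort field goes straight into the query text. ORDER BY cannot be
    parameterised with '?', so the string interpolation here is the bug."""
    return conn.execute(f"SELECT id, title FROM scenes ORDER BY {sort}").fetchall()


SORT_COLUMNS = {"id": "id", "title": "title", "rating": "rating"}   # allowlist


def list_scenes_hardened(conn, sort, direction="asc"):
    """Map the user-supplied name onto a fixed column identifier; anything
    not in the allowlist is rejected before SQL is built."""
    column = SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError(f"unsupported sort field {sort!r}")
    order = "DESC" if direction.lower() == "desc" else "ASC"
    return conn.execute(
        f"SELECT id, title FROM scenes ORDER BY {column} {order}").fetchall()


def leak_hash_prefix(conn, length):
    """Boolean-based blind extraction through the sort parameter: a CASE
    expression flips the row order depending on whether a sub-query is true,
    so the first returned id acts as a one-bit oracle."""
    alphabet = "$./" + string.digits + string.ascii_letters
    leaked = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            cond = (f"(SELECT substr(password_hash, {pos}, 1) FROM users "
                    f"WHERE name = 'admin') = '{ch}'")
            rows = list_scenes_vulnerable(
                conn, f"CASE WHEN {cond} THEN id ELSE -id END")
            if rows[0][0] == 1:          # ascending order => condition true
                leaked += ch
                break
        else:
            break                        # character outside alphabet; stop
    return leaked


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY oracle:", leak_hash_prefix(db, 7))
    print("hardened sort:", list_scenes_hardened(db, "rating", "desc"))
```

The oracle needs no error messages and no data from the `users` table in the response: the order of the `scenes` rows alone leaks one bit per request, which is why read-only list endpoints still count as full database disclosure.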
CNNVD
added 2024/08/06 12:00 a.m.

Bike Delivery System SQL injection vulnerability

Bike Delivery System is a bicycle delivery system. A SQL injection vulnerability exists in Bike Delivery System version 1.0 because the name parameter is not validated against externally supplied SQL statements. An attacker can use this vulnerability to execute illegal SQL commands to steal sensitive...

CVSS 9.8 | AI score 8.2 | EPSS 0.00707
Exploits: 1 | References: 5
OSV
added 2024/06/13 6:15 a.m.

CVE-2024-3032

The Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVSS 6.1 | AI score 5.8 | EPSS 0.00823
Exploits: 2 | References: 1
CNNVD
added 2024/06/13 12:00 a.m.

WordPress plugin Themify Builder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 | AI score 6.7 | EPSS 0.00823
Exploits: 2 | References: 2
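The two Themify Builder entries above (and the WP Customer Reviews entry further down this list) are open redirects: a parameter is handed to a redirect without checking where it points. The following is an added Python example, not code from any of those plugins, of a redirect-target check that only accepts site-relative paths or absolute URLs whose host exactly matches the site. `SITE_HOST` and the sample targets are constructed for the demo.

```python
from urllib.parse import urlsplit

SITE_HOST = "blog.example.com"   # constructed value for the demo


def safe_redirect_target(target, site_host=SITE_HOST, fallback="/"):
    """Return `target` only if it stays on this site, else `fallback`.

    Accepted: site-relative paths such as '/wp-admin/' and absolute http(s)
    URLs whose host is exactly site_host. Rejected: other hosts, protocol-
    relative '//evil', '/\\evil' (browsers normalise the backslash to '//'),
    userinfo tricks like 'https://site@evil', look-alike hosts
    'site.evil', and javascript:/data: schemes."""
    if not target:
        return fallback
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Site-relative: a single leading '/' that is not followed by '/' or '\'
        if target.startswith("/") and target[1:2] not in ("/", "\\"):
            return target
        return fallback
    host = (parts.hostname or "").lower()
    if parts.scheme in ("http", "https") and host == site_host:
        return target
    return fallback


if __name__ == "__main__":
    for t in ("/wp-admin/", "https://blog.example.com/p/1", "//evil.example/",
              "/\\evil.example", "https://blog.example.com@evil.example/",
              "https://blog.example.com.evil.example/", "javascript:alert(1)"):
        print(f"{t!r:48} -> {safe_redirect_target(t)!r}")
```

Comparing `parts.hostname` (not `netloc` or a prefix match) is what defeats the userinfo and look-alike-host cases; the explicit second-character test is needed because `urlsplit` does not treat `/\` the way browsers do.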
Veracode
added 2024/05/27 8:17 p.m.

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to an unvalidated returnURL parameter in the dev/build endpoint, which can cause users to be redirected to unverified third-party URLs...

AI score 6.6
Exploits: 0
OSV
added 2024/05/23 6:15 a.m.

CVE-2024-4399

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...

CVSS 9.1 | AI score 5.8 | EPSS 0.01836
Exploits: 2 | References: 1
CNNVD
added 2024/05/08 12:00 a.m.

RuvarOA security vulnerability

RuvarOA is an office automation system from Ruvar of China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, caused by the txtkeyword parameter of the getcompany.aspx file not being validated against externally supplied SQL statements. An attacker can exploit this...

CVSS 9.4 | AI score 8.3 | EPSS 0.00618
Exploits: 1 | References: 2
CNNVD
added 2024/05/07 12:00 a.m.

J2eeFAST security vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open-source, free back-end framework platform. J2eeFAST v2.7.0 has a SQL injection vulnerability that stems from the export function of the sqlfilte...

CVSS 9.1 | AI score 8.2 | EPSS 0.0052
Exploits: 0 | References: 2
OSV
added 2024/04/15 5:15 a.m.

CVE-2024-1849

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter, allowing contributor and above users to redirect a page to a malicious URL...

CVSS 5.4 | AI score 7.3 | EPSS 0.00495
Exploits: 2 | References: 1
CNNVD
added 2024/04/15 12:00 a.m.

WordPress Plugin WP Customer Reviews security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 5.4 | AI score 8.1 | EPSS 0.00495
Exploits: 2 | References: 2
Packet Storm
added 2024/04/05 12:00 a.m.

DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection

CVE ID: CVE-2024-30928 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the ajax/query.slide.next.inc file. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting the...

AI score 7.4 | EPSS 0.00724
Exploits: 2
WPVulnDB
added 2024/03/18 12:00 a.m.

Otter Blocks < 2.6.5 - Contributor+ Stored Cross-Site Scripting

Description: The plugin does not validate and escape its id block parameter before outputting it back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admin...

CVSS 6.4 | AI score 5.9 | EPSS 0.00358
Exploits: 0 | References: 1 | Affected software: 1
OSV
added 2024/03/08 11:07 a.m.

OESA-2024-1264 arm-trusted-firmware security update

Trusted Firmware-A (TF-A) is a reference implementation of secure-world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor. Security Fixes: Trusted Firmware-A (TF-A) before 2.10 has a potential out-of-bounds read in the SDEI service. The input...

CVSS 4.4 | AI score 7 | EPSS 0.00224
Exploits: 0 | References: 2
OSV
added 2024/02/12 4:15 p.m.

CVE-2023-6294

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

CVSS 7.2 | AI score 5.8 | EPSS 0.00812
Exploits: 2 | References: 1
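Two entries in this list (CVE-2024-4399 above and the Popup Builder entry here) are server-side request forgery: a URL parameter is fetched by the server without checking where it resolves. The block below is an added Python example, not code from either plugin, of an outbound-URL check that restricts the scheme, resolves the host, and refuses anything that lands on a loopback, private, link-local or otherwise non-public address, including the IPv4-mapped IPv6 form. DNS is replaced by a constructed name-to-address map so the demo runs offline; the hostnames and addresses in it are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed name -> address map standing in for DNS so the demo runs offline.
CONSTRUCTED_DNS = {
    "hooks.example.net": "93.184.216.34",     # public address
    "intranet.example.net": "10.0.0.5",       # RFC 1918
    "localtest.example.net": "127.0.0.1",     # public name resolving to loopback
}


def resolve_constructed(host):
    return CONSTRUCTED_DNS.get(host.lower())


def is_public_address(ip):
    """True only for addresses routable on the public Internet."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                    # ::ffff:127.0.0.1 -> 127.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, resolver=resolve_constructed):
    """Validate a user-supplied URL before the server fetches it.

    Returns the resolved public IP as a string. The caller should connect to
    that pinned address rather than re-resolve the name, which closes the
    DNS-rebinding window between check and use. Raises ValueError for any
    URL that would reach a non-public address or uses a non-http scheme."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("no host in URL")
    try:
        ip = ipaddress.ip_address(host)        # literal IPv4 or bracketed IPv6
    except ValueError:
        addr = resolver(host)
        if addr is None:
            raise ValueError(f"cannot resolve {host!r}")
        ip = ipaddress.ip_address(addr)
    if not is_public_address(ip):
        raise ValueError(f"{host} resolves to non-public address {ip}")
    return str(ip)


def is_rejected(url, resolver=resolve_constructed):
    """Convenience wrapper: True if check_outbound_url refuses the URL."""
    try:
        check_outbound_url(url, resolver)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for u in ("https://hooks.example.net/notify", "http://intranet.example.net/",
              "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/",
              "file:///etc/passwd"):
        print(f"{u:48} rejected={is_rejected(u)}")
```

Checking the resolved address rather than the hostname string is what catches `localtest.example.net` (a public-looking name that resolves to loopback) and the cloud metadata address; the scheme allowlist blocks `file:` and `gopher:` style fetches that some HTTP client libraries would otherwise honour.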
CNNVD
added 2024/01/15 12:00 a.m.

WordPress Plugin JSM file_get_contents Shortcode security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A security vulnerability in the WordPress...

CVSS 8.8 | AI score 6.6 | EPSS 0.00694
Exploits: 2 | References: 2
Prion
added 2023/11/02 3:15 a.m.

SQL injection

Online Bus Booking System v1.0 is vulnerable to multiple unauthenticated SQL injection vulnerabilities. The 'date' parameter of the businfo.php resource does not validate the characters received, and they are sent unfiltered to the database...

CVSS 7.5 | AI score 9.9 | EPSS 0.007
Exploits: 1 | References: 2 | Affected software: 1
CNNVD
added 2023/10/31 12:00 a.m.

TOTOLINK A3300R security vulnerability

TOTOLINK A3300R is a wireless router from Zioncom (TOTOLINK) of China. A command execution vulnerability exists in TOTOLINK A3300R version V17.0.0cu.557B20221024 that stems from the failure to validate the enable parameter when processing a setLedCfg request, and can be exploited by a...

CVSS 9.8 | AI score 7.2 | EPSS 0.01515
Exploits: 1 | References: 2
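The TOTOLINK entry above is the router-firmware form of command injection: a request field that should only ever be `0` or `1` is spliced into a shell command line. The block below is an added Python illustration of that pattern and its fix, not the router's code (which is native); `printf` stands in for the real LED control binary so the demo runs on any POSIX system, and the injected payload is constructed.

```python
import subprocess

LED_STATES = {"0", "1"}          # the only values the enable parameter may take


def set_led_vulnerable(enable):
    """Builds a shell command by string concatenation and hands it to the
    shell, the pattern behind 'unvalidated parameter -> command execution'.
    A value such as '1; echo INJECTED' runs the attacker's extra command."""
    cmd = f"printf 'led=%s\\n' {enable}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def set_led_hardened(enable):
    """Reject anything but the two expected values, then pass the argument as
    its own argv element so no shell ever parses it."""
    if enable not in LED_STATES:
        raise ValueError(f"invalid enable value {enable!r}")
    result = subprocess.run(["printf", "led=%s\n", enable],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(set_led_vulnerable("1; echo INJECTED")))
    print("hardened  :", repr(set_led_hardened("1")))
```

Either fix alone is enough here; both are kept because an allowlist protects against a future caller that relaxes the check, and argv-style execution protects against a future value that legitimately contains shell metacharacters.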