Lucene search
K

160 matches found

cnnvd
cnnvd
added 2023/11/07 12:0 a.m.7 views

Online Matrimonial Project SQL Injection Vulnerability

Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...

9.8CVSS8AI score0.00831EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/11/07 12:0 a.m.9 views

Online Matrimonial Project SQL Injection Vulnerability

Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...

9.8CVSS8AI score0.00831EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/11/06 12:0 a.m.5 views

1E Platform Security Vulnerability

1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in versions prior to 1E Platform v20.1 that stems from a command that fails to properly validate URL parameters, allowing specially crafted input to execute arbitrary code with system...

9.9CVSS7.8AI score0.00828EPSS
Exploits0References4
wpvulndb
wpvulndb
added 2023/10/27 12:0 a.m.21 views

WP Full Stripe Free <= 1.6.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2023/10/17 12:0 a.m.13 views

Abandoned Cart Lite for WooCommerce < 5.16.0 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2023/10/02 12:0 a.m.12 views

Popup contact form <= 7.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00336EPSS
Exploits0
wpvulndb
wpvulndb
added 2023/09/27 12:0 a.m.11 views

Save as Image by Pdfcrowd < 2.16.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00335EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2023/08/25 3:15 p.m.5 views

CVE-2023-40801

The sub451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...

8.8CVSS7.4AI score0.00747EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/08/25 12:0 a.m.3 views

PT-2023-27641 · Tenda · Tenda Ac23

Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn Description: The issue arises from the sub 4781A4 function not validating user-entered parameters, leading to a post-authentication stack overflow. This occurs after a user has successfully authenticated,...

8.8CVSS8.6AI score0.00787EPSS
Exploits1References6
osv
osv
added 2023/05/23 8:15 p.m.3 views

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...

9.8CVSS7.6AI score0.01274EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/05/23 12:0 a.m.5 views

Connect IQ 安全漏洞

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ suffers from a security vulnerability that stems from not validating the parameters of an API function, which result...

9.8CVSS8.8AI score0.01274EPSS
Exploits2References3
cnnvd
cnnvd
added 2023/05/17 12:0 a.m.5 views

Online Exam System SQL注入漏洞

Online Exam System is an online exam system. Online Exam System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameters columns, data of /classes/Master.php?f=deleteservice/kelasdosen/data for external input SQL statements. An attacker can...

8.8CVSS8.1AI score0.00734EPSS
Exploits1References4
osv
osv
added 2023/02/25 2:15 a.m.2 views

DEBIAN-CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

9.8CVSS9AI score0.00607EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/02/21 12:0 a.m.2 views

WordPress plugin Loan Comparison 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.9AI score0.00486EPSS
Exploits2References2
cnnvd
cnnvd
added 2023/02/13 12:0 a.m.5 views

ConnectWise Control 注入漏洞

ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. An injection vulnerability exists in ConnectWise Control versions prior to 22.9.10032 that stems from an inability to validate user-supplied parameters...

8.8CVSS8.4AI score0.01065EPSS
Exploits1References6
cnnvd
cnnvd
added 2023/02/06 12:0 a.m.4 views

WordPress plugin WP VR 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00649EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/02/06 12:0 a.m.8 views

WordPress plugin Annual Archive 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. A cross-site scripting...

5.4CVSS5.4AI score0.00573EPSS
Exploits2References2
cnnvd
cnnvd
added 2023/02/06 12:0 a.m.7 views

WordPress plugin Giveaways and Contests by RafflePress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00573EPSS
Exploits2References2
cnnvd
cnnvd
added 2023/02/06 12:0 a.m.7 views

WordPress plugin Contextual Related Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.0054EPSS
Exploits2References2
cnnvd
cnnvd
added 2023/01/23 12:0 a.m.39 views

WordPress plugin ShiftNav 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
Rows per page
Query Builder