67 matches found

CNNVD
added 2024/05/03 12:0 a.m. · 8 views

LG Simple Editor Security Vulnerability

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

CVSS 9.8 · AI score 8.1 · EPSS 0.01483
Exploits 0 · References 2

Positive Technologies
added 2024/02/09 12:0 a.m. · 7 views

PT-2024-14221 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra (affected versions not specified)
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the existing authentication...

CVSS 7.2 · AI score 7.8 · EPSS 0.0179
Exploits 0 · References 4

Positive Technologies
added 2024/02/09 12:0 a.m. · 5 views

PT-2024-14530 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra (affected versions not specified)
Description: This issue allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements ...

CVSS 7.5 · AI score 6.6 · EPSS 0.01904
Exploits 0 · References 5

Positive Technologies
added 2024/02/09 12:0 a.m. · 6 views

PT-2024-14224 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra version 7.5.0 Build 29
Description: This issue allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a...

CVSS 7.5 · AI score 6.8 · EPSS 0.01904
Exploits 0 · References 5

VulnCheck KEV
added 2023/11/27 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-1390

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by...

CVSS 9.8 · AI score 7.4 · EPSS 0.22133
Exploits 2 · References 1

OSV
added 2023/09/04 11:15 a.m. · 2 views

CVE-2023-4614

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...

CVSS 9.8 · AI score 6.2 · EPSS 0.02146
Exploits 0 · References 2

OSV
added 2023/09/04 9:15 a.m. · 5 views

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVSS 9.8 · AI score 6.2 · EPSS 0.02182
Exploits 0 · References 2

Positive Technologies
added 2023/08/24 12:0 a.m. · 4 views

PT-2023-27476 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified)
Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specif...

CVSS 7.5 · AI score 6.5 · EPSS 0.77245
Exploits 0 · References 4

Positive Technologies
added 2023/08/24 12:0 a.m. · 4 views

PT-2023-27478 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified)
Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specific flaw...

CVSS 9.8 · AI score 7.7 · EPSS 0.82964
Exploits 3 · References 5

Positive Technologies
added 2023/08/09 12:0 a.m. · 22 views

PT-2023-26311 · Softing · Softing Edgeaggregator

Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator (affected versions not specified)
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...

CVSS 7.2 · AI score 7.2 · EPSS 0.68611
Exploits 0 · References 6

CNNVD
added 2023/05/30 12:0 a.m. · 4 views

WordPress plugin User Meta – User Profile Builder and User management Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.7 · AI score 7.3 · EPSS 0.00518
Exploits 0 · References 2

Positive Technologies
added 2023/02/13 12:0 a.m. · 6 views

PT-2023-5480 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified)
Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. The specific flaw exists within the implementation of the...

CVSS 10 · AI score 7.5 · EPSS 0.02388
Exploits 0 · References 6

Veracode
added 2023/01/31 3:43 a.m. · 22 views

Directory Traversal

onnx is vulnerable to Directory Traversal. The vulnerability exists in the `check_tensor` function of `checker.cc` as the `external_data` field of the tensor proto may have an unvalidated path to a file which is outside the current model directory or a user-provided directory...

CVSS 7.5 · AI score 7.2 · EPSS 0.01608
Exploits 1 · References 5 · Affected Software 2

CNNVD
added 2022/08/29 12:0 a.m. · 4 views

WordPress plugin Export All URLs Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5 · AI score 6.7 · EPSS 0.00952
Exploits 1 · References 2

CNNVD
added 2022/08/29 12:0 a.m. · 3 views

Ingredients Stock Management System Path Traversal Vulnerability

Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. v1.0 of Ingredients Stock Management System is vulnerable to an arbitrary file deletion vulnerability in component /classes/ Master.php?f=deleteimg lacks validation for the delete...

CVSS 6.5 · AI score 6.9 · EPSS 0.00917
Exploits 1 · References 2

CNNVD
added 2022/08/01 12:0 a.m. · 2 views

CVAT Code Issue Vulnerability

CVAT is an interactive video and image annotation tool for computer vision. A code issue vulnerability exists in versions of CVAT prior to 2.0.0, which stems from a url used in a code path without added validation...

CVSS 9.8 · AI score 8.3 · EPSS 0.47846
Exploits 4 · References 6

OSV
added 2022/06/27 9:15 a.m. · 3 views

CVE-2022-1953

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink without validation first...

CVSS 9.1 · AI score 5.9 · EPSS 0.01662
Exploits 1 · References 1

Positive Technologies
added 2022/05/26 12:0 a.m. · 6 views

PT-2022-23725 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.3.101
Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

CVSS 9.8 · AI score 9.2 · EPSS 0.83436
Exploits 0 · References 3

OSV
added 2021/10/26 8:15 p.m. · 2 views

UBUNTU-CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

CVSS 8.1 · AI score 6.1 · EPSS 0.01731
Exploits 0 · References 2

Node.js
added 2021/02/23 2:32 a.m. · 82 views

Open Redirect

Overview: Slashify is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, ...

CVSS 5.8 · AI score 6.5 · EPSS 0.00526
Exploits 1 · Affected Software 1