Lucene search
+L

49 matches found

CNNVD
CNNVD
added 2025/10/20 12:0 a.m.7 views

MOTEX Lanscope Endpoint Manager 安全漏洞

MOTEX Lanscope Endpoint Manager is an enterprise endpoint security and asset management system from MOTEX Japan. A security vulnerability exists in MOTEX Lanscope Endpoint Manager On-Premises that stems from not properly validating the source of incoming requests, which could lead to the executio...

9.8CVSS9.7AI score0.0265EPSS
Exploits0References2
CVE
CVE
added 2025/07/04 5:28 p.m.23 views

CVE-2025-53483

The CVE-2025-53483 issue affects the MediaWiki SecurePoll extension and is triggered by pages ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage::executeClear() not validating request methods or CSRF tokens. The vulnerability enables CSRF to trigger sensitive admin actions when an admin...

8.8CVSS6.5AI score0.00187EPSS
Exploits0References3
NCSC
NCSC
added 2025/06/22 8:19 a.m.6 views

Vulnerabilities fixed in IBM InfoSphere Information Server

IBM has fixed vulnerabilities in IBM InfoSphere Information Server Versions 11.7.0.0 to 11.7.1.6. The first vulnerability involves a Denial-of-Service vulnerability that stems from insufficient validation of incoming request sources. This can be exploited to disrupt service availability. The seco...

8.7CVSS6.5AI score0.00376EPSS
Exploits0References2
CNVD
CNVD
added 2025/02/13 12:0 a.m.5 views

Zoom Workplace Apps Out-of-Bounds Write Vulnerability

Zoom Workplace Apps is an app for multiple platforms including Linux, macOS, Windows, iOS and Android. Zoom Workplace Apps suffers from an out-of-bounds write vulnerability that stems from the application failing to properly validate boundaries when processing a specific request. An attacker coul...

6.5CVSS6.1AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.4 views

Altair 资源管理错误漏洞

Altair is a beautiful and feature-rich GraphQL client IDE from the Altair GraphQL open source. A resource management error vulnerability exists in versions prior to Altair v12.24Q3.2, which stems from a lack of request validation and a lack of authentication in the image proxy, and the...

8.6CVSS6.7AI score0.00591EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/07 2:12 p.m.28 views

CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

7.5CVSS7.5AI score0.00593EPSS
Exploits0References2
OSV
OSV
added 2023/04/03 3:15 p.m.4 views

CVE-2023-1124

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...

7.2CVSS7.1AI score0.01084EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.11 views

PT-2023-16772 · WordPress · Shopping Cart & Ecommerce Store

Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store WordPress plugin versions prior to 5.4.3 Description: The issue allows authenticated users with admin privileges to perform Local File Inclusion LFI attacks due to a lack of validation of HTTP requests. LFI...

7.2CVSS8.5AI score0.01084EPSS
Exploits2References6
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.4 views

WordPress plugin Member Hero 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

9.8CVSS6AI score0.09105EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/02/23 10:30 a.m.4 views

CVE-2021-42786

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected...

9.8CVSS7.4AI score0.02008EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/10/05 3:0 p.m.25 views

CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 a version from 2014 does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...

8.7AI score0.00847EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.11 views

Drupal 跨站脚本漏洞

Drupal is an open source content management system developed in PHP by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Entity Embed module, which originates from a WEB application that does not adequately validate that a request is coming from a trusted user. An...

6.1CVSS6AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/09/06 12:0 a.m.9 views

WordPress titan-framework 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress titan-framework, which stems from a WEB...

6.1CVSS6AI score0.01785EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/06 12:0 a.m.5 views

WordPress plugin AddToAny Share Buttons 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress plug...

5.4CVSS5.5AI score0.00624EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.3 views

express-cart 跨站请求伪造漏洞

express-cart is a shopping cart module used in Node.js. A cross-site request forgery vulnerability exists in express-cart in Node.js, which stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to send...

8.8CVSS7.8AI score0.00567EPSS
Exploits0References3
OSV
OSV
added 2021/02/04 5:15 p.m.4 views

CVE-2021-1294

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...

9.8CVSS7.9AI score0.0418EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/10 12:0 a.m.3 views

Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2020-52904)

Microsoft Dynamics 365 is Microsoft's next-generation intelligent business application that helps enterprises grow and digitally transform through the perfect integration of CRM and ERP. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 Local Edition 8.2, 9.0. The vulnerabilit...

5.4CVSS6AI score0.0164EPSS
Exploits0References1
CNVD
CNVD
added 2020/01/13 12:0 a.m.4 views

RICOH SP C250DN Cross-Site Request Forgery Vulnerability

The RICOH SP C250DN is a printer from the Japanese company Ricoh RICOH. A cross-site request forgery vulnerability exists in RICOH SP C250DN version 1.06. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker cou...

8.8CVSS6.8AI score0.00714EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/08 12:0 a.m.1 views

phpBB cross-site request forgery vulnerability (CNVD-2019-34464)

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB, which arises from a WEB application that does not adequately validate...

7AI score
Exploits0References1
CNVD
CNVD
added 2019/07/16 12:0 a.m.1 views

Mozilla Firefox and Firefox ESR Cross-Site Request Forgery Vulnerability

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A cross-site request forgery vulnerability exists in Mozilla Firefox versions...

8.8CVSS8.8AI score0.01047EPSS
Exploits0References1
Rows per page
Query Builder