Lucene search
+L

6 matches found

susecve
susecve
added 2024/12/04 3:48 a.m.1 views

SUSE CVE-2024-53988

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS8.5AI score0.00435EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/12/02 12:0 a.m.5 views

PT-2024-35999

Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: A possible XSS vulnerability exists with certain configurations of Rails::HTML::Sanitizer when used with Rails = 7.1.0. This vulnerability may allow an attacker to inject content if HTML5...

6.4CVSS6.5AI score0.00581EPSS
Exploits0References24
ptsecurity
ptsecurity
added 2023/06/01 12:0 a.m.5 views

PT-2023-10172 · Unknown · Vaultpress Plugin +1

Name of the Vulnerable Software and Affected Versions: VaultPress Plugin versions up to 1.6.0 Description: A critical issue has been found in the VaultPress Plugin, affecting the protect aioseo ajax function of the class.vaultpress-hotfixes.php file in the MailPoet Plugin component. This issue...

9.8CVSS7.2AI score0.00744EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2022/06/06 12:0 a.m.4 views

PT-2022-21350

Name of the Vulnerable Software and Affected Versions jmespath.rb versions prior to 1.6.1 Description The issue arises from jmespath.rb using JSON.load in a situation where JSON.parse is preferable, potentially leading to remote code execution. Recommendations For versions prior to 1.6.1, update ...

9.8CVSS8.7AI score0.02131EPSS
Exploits0References23
elastic
elastic
added 2015/07/16 5:30 p.m.8 views

Elasticsearch remote code execution CVE-2015-5377

Summary Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...

9.8CVSS7.7AI score0.42983EPSS
Exploits5
ptsecurity
ptsecurity
added 2015/05/08 12:0 a.m.4 views

PT-2015-6250 · Docker +2 · Docker Engine +3

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1 Description: The issue allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. This is due to weak permissions for certain /proc...

10CVSS6AI score0.06452EPSS
Exploits1References50
Rows per page
Query Builder