Lucene search
K

111 matches found

CNNVD
CNNVD
added 2023/10/20 12:0 a.m.3 views

WordPress Plugin Poptin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS6AI score0.00507EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/09/25 12:0 a.m.10 views

CVE-2023-43456

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint...

7AI score0.0069EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/08/25 12:0 a.m.4 views

PT-2023-27645 · Tenda · Tenda Ac23

Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn Description: The issue arises from the sub 451784 function not validating user-entered parameters, leading to a stack overflow. Recommendations: For Tenda AC23 version 16.03.07.45 cn, as a temporary workaroun...

8.8CVSS8.6AI score0.00747EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/03/27 3:37 p.m.29 views

CVE-2023-0955 WP Statistics < 14.0 - Authenticated SQLi

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

9.1AI score0.00898EPSS
Exploits2References1
NVD
NVD
added 2023/02/13 8:15 p.m.31 views

CVE-2023-25719

ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...

8.8CVSS9.5AI score0.01065EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.30 views

CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.01347EPSS
Exploits2References1
OSV
OSV
added 2023/01/10 9:15 p.m.4 views

CVE-2022-45166

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role...

4.3CVSS5.8AI score0.00481EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.5 views

PT-2023-14624 · Archibus · Archibus Web Central

Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107 Description: An issue was discovered in the application where a service accepts user-controlled parameters to act on the data returned to the user. This allows a basic user to access data unrelated ...

6.5CVSS6.9AI score0.00481EPSS
Exploits0References6
CNVD
CNVD
added 2022/11/04 12:0 a.m.21 views

Online Diagnostic Lab Management System SQL Injection Vulnerability

Online Diagnostic Lab Management System is an online diagnostic lab management system that provides a variety of diagnostic tasks online. online Diagnostic Lab Management System is vulnerable to SQL injection in version v1.0. The vulnerability stems from the affected version not properly filterin...

3.6AI score0.00821EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/12 4:15 a.m.11 views

CVE-2022-36257

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...

7.5CVSS7.5AI score0.00786EPSS
Exploits1References4
CNVD
CNVD
added 2022/06/21 12:0 a.m.36 views

VoIPmonitor SQL Injection Vulnerability (CNVD-2022-66404)

VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...

7.5CVSS3.3AI score0.01089EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.5 views

VoIPmonitor SQL注入漏洞

VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...

9.8CVSS6.2AI score0.01089EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.25 views

MODX Revolution Incorrect Access Control vulnerability

MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...

7.2CVSS6.9AI score0.64088EPSS
Exploits6References6Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.24 views

GHSA-M899-6MH4-MPC5 MODX Revolution Incorrect Access Control vulnerability

MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...

7.2CVSS7AI score0.64088EPSS
Exploits6References6
CNNVD
CNNVD
added 2022/04/08 12:0 a.m.3 views

ZZCMS 跨站脚本漏洞

ZZCMS is a content management system CMS from the Zzcms team in China. ZZCMS 2021 is vulnerable to a cross-site scripting vulnerability that originates from a lack of restriction and filtering of user parameters in admanage.php. An attacker could exploit this vulnerability to execute client-side...

4.8CVSS5.3AI score0.00486EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.2 views

PT-2022-16104 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The Grappler component of TensorFlow is vulnerable to an integer overflow during...

9.8CVSS9.4AI score0.00888EPSS
Exploits1References12
Debian CVE
Debian CVE
added 2022/02/03 2:27 p.m.5 views

CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.9AI score0.00821EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2021/10/27 6:55 p.m.10 views

CVE-2021-34761 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability

A vulnerability in Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete...

4.4CVSS7AI score0.00207EPSS
Exploits0References1
Prion
Prion
added 2020/12/31 8:15 a.m.17 views

Hardcoded credentials

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...

4.3CVSS6AI score0.00611EPSS
Exploits0References1Affected Software4
Github Security Blog
Github Security Blog
added 2020/07/07 4:34 p.m.92 views

CSRF Vulnerability in rails-ujs

There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag...

6.5CVSS6.7AI score0.01485EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder