Lucene search
+L

354 matches found

Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.431 views

Gitea 1.24.0+dev HTML Injection / Cross Site Scripting

Gitea version 1.24.0+dev suffers from an html injection vulnerability that can allow for cross site scripting. Title: Gitea 1.24.0+dev HTML Injection Vulnerability Description: Gitea version 1.24.0+dev-355-g74c8e95e87 is vulnerable to an HTML Injection vulnerability. The issue arises due to...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:14 p.m.7 views

CVE-2020-11067

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...

8.8CVSS7.6AI score0.0199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:16 a.m.15 views

CVE-2024-54365

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...

8.8CVSS7.2AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2025/01/07 12:0 a.m.17 views

firefox -- authentication bypass

[email protected] reports: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed...

3.3CVSS7.1AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 3:15 p.m.18 views

CVE-2024-54365

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...

8.8CVSS0.00549EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 2:31 p.m.32 views

CVE-2024-54365 WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...

8.8CVSS0.00549EPSS
Exploits0References1
CVE
CVE
added 2024/12/16 2:31 p.m.51 views

CVE-2024-54365

CVE-2024-54365: KH Easy User Settings suffers an Authenticated Privilege Escalation (Authenticated Subscriber+) caused by Incorrect Privilege Assignment, affecting KH Easy User Settings up to version 1.0.0. CVSS v3.1 base score 8.8 (HIGH); impacts: confidentiality, integrity, and availability. Af...

8.8CVSS7.2AI score0.00549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/16 2:31 p.m.12 views

CVE-2024-54365 WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...

8.8CVSS8.6AI score0.00549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.6 views

PT-2024-36251 · Unknown · Halim Kh Easy User Settings

Name of the Vulnerable Software and Affected Versions: Halim KH Easy User Settings versions n/a through 1.0.0 Description: The issue is related to an Incorrect Privilege Assignment, which allows Privilege Escalation. Recommendations: For Halim KH Easy User Settings versions n/a through 1.0.0, at...

8.8CVSS6.9AI score0.00549EPSS
Exploits0References3
NVD
NVD
added 2024/12/12 1:15 p.m.28 views

CVE-2024-28142

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

4.7CVSS0.00452EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 12:35 p.m.35 views

CVE-2024-28142 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/12 12:35 p.m.15 views

CVE-2024-28142 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

7AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2024/12/12 12:35 p.m.58 views

CVE-2024-28142

The CVE-2024-28142 entry describes stored cross-site scripting via improper input sanitization on the Image Access Scan2Net (and related lines) File Name input on the User Settings page (/cgi/uset.cgi?-cfilename). The root cause is inadequate filtering of the file name and wildcard character inpu...

4.7CVSS6.7AI score0.00452EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/12/11 10:39 p.m.6 views

WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin KH Easy User Settings versions = 1.0.0...

8.8CVSS7AI score0.00549EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/10 1:53 p.m.10 views

CVE-2024-52051

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC S7-PLCSIM V18 All versions, SIMATIC STEP 7 Safety V17 All versions V17 Update 9, SIMATIC STEP 7 Safety V18 All versions, SIMATIC STEP 7 Safety V19 All versions V19 Update 4, SIMATIC STEP 7 V17 All versions V17 Upda...

7.3CVSS6.9AI score0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/10 1:53 p.m.35 views

CVE-2024-52051

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC S7-PLCSIM V18 All versions, SIMATIC STEP 7 Safety V17 All versions V17 Update 9, SIMATIC STEP 7 Safety V18 All versions, SIMATIC STEP 7 Safety V19 All versions V19 Update 4, SIMATIC STEP 7 V17 All versions V17 Upda...

7.3CVSS0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.9 views

PT-2024-9404 · Siemens · Sinamics Startdrive +11

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-PLCSIM versions 17 through 18 SIMATIC STEP 7 Safety versions 17 through 19 SIMATIC STEP 7 versions 17 through 19 SIMATIC WinCC Unified PC Runtime versions 18 through 19 SIMATIC WinCC Unified versions 17 through 19 SIMATIC WinCC...

7.3CVSS7.7AI score0.00179EPSS
Exploits0References5
OSV
OSV
added 2024/12/05 2:58 p.m.17 views

SUSE-SU-2024:4205-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. - Further merge docker a...

9.9CVSS9.8AI score0.16496EPSS
Exploits0References8
NVD
NVD
added 2024/12/03 9:15 p.m.35 views

CVE-2024-45757

An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access...

7.2CVSS0.00391EPSS
Exploits0References2
OSV
OSV
added 2024/12/03 9:15 p.m.5 views

CVE-2024-45757

An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access...

7.2CVSS5.8AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder