Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8202 matches found

ICS
ICSadded 2018/03/27 12:0 a.m.54 views

Siemens TIM 1531 IRC

CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following TIM 1531 IRC communications modules: TIM 1531...

10CVSS9.8AI score0.04932EPSS
Exploits0References9
Hacker One
Hacker Oneadded 2018/03/26 10:10 p.m.41 views

Stellar.org: Exploitable vulnerability in SDEX

Hi, Last Thursday I discovered the exploitable vulnerability in SDEX. I immediately reported the bug directly to Jed by email and he confirmed it. It's all about rounding during trades. You see, I found that orders are always executed if the price matches market, even if the amount is as small as...

7.4AI score
Exploits0
Packet Storm
Packet Stormadded 2018/03/23 12:0 a.m.51 views

ModSecurity For Nginx Use-After-Free

Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vectors. / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In...

7.1AI score
Exploits0
CNVD
CNVDadded 2018/03/22 12:0 a.m.2 views

Alkacon OpenCMS gallery feature cross-site scripting vulnerability

Alkacon OpenCms is the German Alkacon Software's set of open source Java and XML-based content management system CMS. The system supports template engine , WYSIWYG editor and so on. A cross-site scripting vulnerability exists in the gallery feature in Alkacon OpenCMS version 10.5.3. A remote...

4.6CVSS6AI score0.01405EPSS
Exploits5References1
ATTACKERKB
ATTACKERKBadded 2018/03/20 7:29 a.m.5 views

CVE-2018-8815

Cross-site scripting XSS vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image...

4.6CVSS5.7AI score0.01405EPSS
Exploits5References3
ossfuzz
ossfuzzadded 2018/03/19 10:27 p.m.12 views

gdal/gdal_vector_translate_fuzzer: Heap-buffer-overflow in _escapeString_GCIO

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5667643664105472 Project: gdal Fuzzer: aflgdalvectortranslatefuzzer Fuzz target binary: gdalvectortranslatefuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash...

6.7AI score
Exploits0Affected Software1
ossfuzz
ossfuzzadded 2018/03/17 1:18 p.m.14 views

gdal/gdal_vector_translate_fuzzer: Heap-buffer-overflow in SHPCreateLL

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4684654431961088 Project: gdal Fuzzer: aflgdalvectortranslatefuzzer Fuzz target binary: gdalvectortranslatefuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...

6.7AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linuxadded 2018/03/15 11:24 a.m.3 views

Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

8.8CVSS7.5AI score0.08024EPSS
Exploits0References5
CNVD
CNVDadded 2018/03/15 12:0 a.m.1 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-06800)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the operating system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel, which arises from a program's failure to properly filter objects in...

5.5CVSS6AI score0.0188EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2018/03/12 12:0 a.m.22 views

Solaris 10 (x86) : 120665-01

SunOS 5.10x86: tl driver patch. Date this patch was last updated by Sun : Sep/15/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

2.1CVSS7AI score0.00375EPSS
Exploits0References2
CNVD
CNVDadded 2018/03/12 12:0 a.m.1 views

Shimmie cross-site scripting vulnerability (CNVD-2018-06088)

Shimmie is a set of image panels for installing and configuring Web sites. A cross-site scripting vulnerability exists in Shimmie 2 version 2.6.0, which stems from the program failing to properly handle uploaded SVG files. A remote attacker can exploit the vulnerability by uploading a specially...

6.1CVSS6.3AI score0.00865EPSS
Exploits1References1
CISA
CISAadded 2018/03/03 12:0 a.m.15 views

Red Hat Releases Security Guidance for Memcached

Red Hat has released security recommendations to address potential Distributed Denial of Service attacks using Memcached. This misconfiguration could allow an attacker to exploit Memcached services as a reflection and amplification vector, causing unexpected volumes of traffic to be sent to...

6.7AI score
Exploits0References3
Prion
Prionadded 2018/02/27 5:29 a.m.12 views

Code injection

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS...

6.8CVSS8.8AI score0.15627EPSS
Exploits0References4Affected Software4
RedHat Linux
RedHat Linuxadded 2018/02/21 12:25 p.m.9 views

rubygem-will_paginate: XSS vulnerabilities

It was found that ruby willpaginate is vulnerable to a XSS via malformed input that cause pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the willpaginate gem to display arbitrary HTML including scripting code within the web interface...

4.3CVSS7.4AI score0.02209EPSS
Exploits1References4
Vulnerability Lab
Vulnerability Labadded 2018/02/20 12:0 a.m.44 views

Geldkarte - transaktionsid Cross Site Scripting Vulnerability

Document Title: =============== Geldkarte - transaktionsid Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2118 Release Date: ============= 2018-02-20 Vulnerability Laboratory ID VL-ID:...

0.2AI score
Exploits0
OSV
OSVadded 2018/02/16 6:29 p.m.2 views

CVE-2018-7188

An XSS vulnerability via an SVG image in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php...

5.4CVSS5.8AI score0.00534EPSS
Exploits0References2
CNVD
CNVDadded 2018/02/12 12:0 a.m.4 views

miniBB Cross-Site Scripting Vulnerability

miniBB full name Minimalistic Bulletin Board is a free, open source Internet forum software. The software supports a variety of forum styles , multiple interface languages , multiple time zones , plug-ins and extensions , etc. Administrative Panel is one of the administrative panel . A cross-site...

4.8CVSS6.5AI score0.00539EPSS
Exploits1References1
Packet Storm
Packet Stormadded 2018/02/10 12:0 a.m.46 views

Multi Language Olx Clone Script 2.0.7 Cross Site Scripting

Exploit Title: Multi Language Olx Clone Script - Stored XSS Date: 08.02.2018 Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web Application Version:2.0.6 Tested on: Windows 7 CVE: NA...

6.5AI score0.02528EPSS
Exploits3
CNVD
CNVDadded 2018/02/06 12:0 a.m.1 views

Apache Tomcat Code Execution Vulnerability

Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server, which is mainly used for the development and debugging of JSP programs for small and medium-sized systems. There is a security vulnerability in Apache Tomcat. An...

5.3CVSS7.1AI score0.06198EPSS
Exploits0References1
Snyk
Snykadded 2018/02/02 9:18 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through SVG files if enableSvg is set. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script...

6.5CVSS5.3AI score
Exploits0References2
Rows per page
Query Builder