Lucene search
K

249 matches found

OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.9 views

QNAP QTS Video Station Multiple Vulnerabilities (QSA-24-24)

QNAP Video Station is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:qnap:videostation"; if...

8.8CVSS5.8AI score0.00965EPSS
Exploits0References1
NVD
NVD
added 2024/07/12 1:15 p.m.30 views

CVE-2024-40985

In the Linux kernel, the following vulnerability has been resolved: net/tcpao: Don't leak aoinfo on error-path It seems I introduced it together with TCPAOCMDFAOREQUIRED, on version 5 1 of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov...

5.5CVSS0.00235EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/07/02 12:0 a.m.17 views

MongoDB Missing Authorization Check Vulnerability (SERVER-79327) - Windows

MongoDB is prone to a missing authorization check vulnerability in refine collection shard key. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.5CVSS8.3AI score0.00376EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.7 views

Tessi Docubase Document Management Security Vulnerability

Tessi Docubase Document Management is a document management and process automation software from Tessi. A security vulnerability exists in Tessi Docubase Document Management version 5.x. A remote attacker could exploit the vulnerability to execute arbitrary code via the page parameter...

5.4CVSS7.7AI score0.00455EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.5 views

Tessi Docubase Document Management Security Vulnerability

Tessi Docubase Document Management is a document management and process automation software from Tessi. A security vulnerability exists in Tessi Docubase Document Management version 5.x. A remote attacker could exploit the vulnerability to execute arbitrary code via the filename parameter...

5.4CVSS7.7AI score0.00455EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.3 views

PT-2024-37440 · Unknown · Ez-Suite Ez-Partner

Name of the Vulnerable Software and Affected Versions: EZ-Suite EZ-Partner version 5 Description: A vulnerability has been found in the Forgot Password Handler component, leading to basic cross site scripting. The manipulation can be launched remotely. The vendor was contacted about this disclosu...

6.9CVSS6.2AI score0.00415EPSS
Exploits0References8
OSV
OSV
added 2024/05/31 4:15 p.m.5 views

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

5.4CVSS5.7AI score0.00268EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/29 6:44 p.m.26 views

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

Impact Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3...

7.3CVSS7.4AI score0.00507EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2024/05/16 12:0 a.m.117 views

MongoDB Improper Validation Vulnerability (SERVER-85263) - Linux

MongoDB is prone to an improper validation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

7.5CVSS8.1AI score0.0055EPSS
Exploits0References1
OSV
OSV
added 2024/05/01 5:5 p.m.120 views

GHSA-2XP3-57P7-QF4V xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing

Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/sec-CoreValidation. As such, without additional validation steps, the default configuration allows a...

10CVSS9.2AI score0.00833EPSS
Exploits1References10
NVD
NVD
added 2024/04/09 2:15 p.m.18 views

CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS9.3AI score0.04667EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/09 1:42 p.m.13 views

CVE-2023-6319 Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

9.1CVSS7.4AI score0.06437EPSS
Exploits2References2
CVE
CVE
added 2024/04/09 1:41 p.m.80 views

CVE-2023-6318

LG webOS versions 5 through 7 are affected by a command injection in the processAnalyticsReport method of the com.webos.service.cloudupload service, enabling root-level code execution via specially crafted authenticated requests. Affected versions listed include webOS 5.5.0 – 04.50.51, 6.3.3-442,...

9.1CVSS9.4AI score0.04667EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/01/23 12:0 a.m.5 views

Silverstripe Framework Security Vulnerability

silverstripe framework is a set of CMS website frameworks. A security vulnerability exists in Silverstripe Framework versions 4.x prior to 4.13.39 and 5.x prior to 5.1.11, which stems from a user being able to access record headers that they are not authorized to view...

4.3CVSS6.7AI score0.00355EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/10/06 12:0 a.m.13 views

Zope XSS Vulnerability (GHSA-wm8q-9975-xh5v)

Zope is prone to a cross-site scripting XSS vulnerability with SVG images. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS5.9AI score0.00599EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/10/06 12:0 a.m.15 views

Zope XSS Vulnerability (GHSA-m755-gxxg-r5qh)

Zope is prone to a cross-site scripting XSS vulnerability via the title property in the Zope management interface. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.8CVSS5.7AI score0.00404EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/10/06 12:0 a.m.19 views

Zope Information Disclosure Vulnerability (GHSA-8xv7-89vj-q48c)

Zope is prone to an information disclosure vulnerability through Python SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zope:zope...

7.7CVSS6.6AI score0.00519EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/08/23 7:43 p.m.14 views

SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by these vulnerabilities. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release...

6.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/08/16 3:15 p.m.3 views

CVE-2023-40351

A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/07/06 9:15 p.m.52 views

Apache RocketMQ may have remote code execution vulnerability when using update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8CVSS7.3AI score0.96604EPSS
Exploits11References11Affected Software3
Rows per page
Query Builder