Lucene search
K

361 matches found

Github Security Blog
Github Security Blog
added 2024/03/05 9:30 p.m.19 views

Concrete CMS Stored Cross-site Scripting vulnerability

Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit t...

4.8CVSS5.9AI score0.00309EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2024/02/14 12:0 a.m.25 views

ISC BIND DoS Vulnerability (CVE-2023-4408) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

7.5CVSS7.4AI score0.01327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/09 7:43 p.m.14 views

CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...

2.4CVSS6AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 7:43 p.m.38 views

CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...

2.4CVSS5.2AI score0.004EPSS
Exploits0References2
CVE
CVE
added 2024/02/09 7:33 p.m.50 views

CVE-2024-1246

Concrete CMS 9.x prior to 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient input validation. A rogue administrator could inject malicious code during image import, potentially executing in users’ browsers. Public references (NVD, Red Hat, GHSA, OSV, Veraco...

4.8CVSS5AI score0.00453EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/02/09 7:15 p.m.31 views

Input validation

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.3CVSS6.2AI score0.01244EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.42 views

Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)

Binary data ivanticsCVE-2024-21887.nbin...

9.1CVSS9.8AI score0.99999EPSS
Exploits18References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 3:43 p.m.14 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a separated security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

6.8AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.35 views

Apache Traffic Server 8.x < 8.1.3 / 9.x < 9.1.1 Multiple Vulnerabilities

According to its self reported version, the remote Apache Traffic Server install is affected by multiple vulnerabilities. - Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite...

9.8CVSS7.5AI score0.02507EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.6 views

PT-2023-29784 · Senayan · Slims Senayan Library Management System +1

Name of the Vulnerable Software and Affected Versions: Senayan Library Management Systems Slims version 9 Senayan Library Management Systems Bulian version 9.6.1 Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the...

8.8CVSS8.9AI score0.01076EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/21 12:0 a.m.5 views

SuperWebMailer SQL Injection Vulnerability

Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710, which originates from a SQL injection vulnerability in parameter size...

8.8CVSS7.9AI score0.00665EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/09/21 12:0 a.m.25 views

Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows

Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

7.5CVSS7.5AI score0.00694EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/09/15 8:34 a.m.24 views

CVE-2023-4661 SQLi in Saphira Connect

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9...

9.8CVSS10AI score0.00812EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.4 views

PT-2023-30117 · Unknown · Saphira Connect

Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue affects Saphira Connect, allowing Remote Code Inclusion due to an Execution with Unnecessary Privileges vulnerability. Recommendations: For versions prior to 9, update to version 9 or...

9.8CVSS9.7AI score0.01187EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.5 views

Saphira Connect Cross-Site Scripting Vulnerability

Saphira Connect is a telephone exchange and call center server mobile application from Saphira Connect, Inc. A cross-site scripting vulnerability exists in versions prior to Saphira Connect 9 that stems from incorrect default permissions that allow privilege escalation...

8.8CVSS6.1AI score0.0105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.5 views

PT-2023-30110 · Unknown · Saphira Connect

Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

9.8CVSS9.7AI score0.00812EPSS
Exploits0References4
Kaspersky
Kaspersky
added 2023/08/25 12:0 a.m.41 views

KLA52554 SB vulnerability in Apache Tomcat

Security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 9.0.80 Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 10.1.13 Exploitation Malware exis...

6.1CVSS6.6AI score0.05972EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/07/25 8:54 p.m.43 views

CVE-2023-38499 typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...

3.7CVSS5.6AI score0.0088EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/17 9:35 a.m.15 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a separated security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

6.8AI score
Exploits0Affected Software1
NVD
NVD
added 2023/06/14 8:15 a.m.26 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.pushmethodenabled didn't function. However, by default the PUSH method is blocked in the ipallow configuration file.This issue affects Apache Traffic Server:...

7.5CVSS7.4AI score0.02005EPSS
Exploits0References5
Rows per page
Query Builder