Lucene search
K

114 matches found

CNNVD
CNNVD
added 2023/03/13 12:0 a.m.3 views

WordPress plugin Void Contact Form 7 Widget For Elementor Page Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS7.7AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2023/03/08 12:15 p.m.2 views

CVE-2023-1267

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ulkem Company PtteM Kart.This issue affects PtteM Kart: before 2.1...

9.8CVSS7.3AI score
Exploits0References1
CNNVD
CNNVD
added 2023/02/24 12:0 a.m.6 views

URule 代码问题漏洞

URule is a pure Java rules engine by Gao Jie youseries individual developers. URule v2.1.7 version has a security vulnerability, the vulnerability stems from the existence of XML external entity XXE vulnerability, an attacker can be exploited to exploit the vulnerability by the carefully crafted...

9.8CVSS8.8AI score0.01192EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/17 12:0 a.m.3 views

Lancet 路径遍历漏洞

Lancet is a comprehensive, efficient and reusable go utility library by DuDaoDong's personal developer. A path traversal vulnerability exists in Lancet v1.9.02.001 versions 2.1.10 and 1.3.4, which stems from a ZipSlip issue when extracting files using the fileutil package...

8.8CVSS7.8AI score0.00793EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.6 views

ftcms 跨站请求伪造漏洞

ftcms is a content management system from ftcms, Inc. A security vulnerability exists in ftcms version 2.1, which stems from a vulnerability in its News.php page that allows an attacker to spoof a link and trick others into clicking on a malicious link or accessing a page that contains attack cod...

8.8CVSS7.9AI score0.00349EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/06/24 12:0 a.m.5 views

PT-2022-11320 · Unknown · Validate-Color

Name of the Vulnerable Software and Affected Versions: validate-color version 2.1.0 Description: A Regular Expression Denial of Service ReDOS issue was found in the handling of crafted invalid rgba strings. Recommendations: For version 2.1.0, at the moment, there is no information about a newer...

7.5CVSS7.3AI score0.0112EPSS
Exploits1References3
OSV
OSV
added 2022/06/14 4:15 p.m.5 views

CVE-2022-30931

Employee Leaves Management System ELMS V 2.1 is vulnerable to Cross Site Request Forgery CSRF via /myprofile.php...

6.5CVSS6.6AI score0.00503EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.7 views

Microsoft Windows Kernel 安全漏洞

Microsoft Windows Kernel is the kernel of the Windows operating system by Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Kernel. The following products and versions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based...

5.5CVSS6.8AI score0.0077EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 5:21 p.m.3 views

GHSA-VW57-55F8-C73Q Mattermost Server allows XSS via CSRF

An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF...

6.1CVSS6.3AI score0.00341EPSS
Exploits0References3
OSV
OSV
added 2022/05/21 12:15 a.m.4 views

UBUNTU-CVE-2022-29190

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...

7.5CVSS7.1AI score0.01484EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2021/12/01 8:15 p.m.2 views

CVE-2021-43137

Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover...

8.8CVSS7.2AI score0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/01 12:0 a.m.4 views

PT-2021-23750 · Unknown · Hospital Management System

Name of the Vulnerable Software and Affected Versions: hostel management system version 2.1 Description: The issue concerns Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF vulnerabilities. These vulnerabilities exist via the name field in the "my-profile.php" page. By chaining these...

8.8CVSS8.4AI score0.00512EPSS
Exploits0References3
OSV
OSV
added 2021/08/16 8:15 a.m.4 views

PYSEC-2021-122

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS6.5AI score0.04022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/02/02 12:0 a.m.4 views

PT-2021-11705 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.0 through 2.0.4 Harbor versions 2.1.x through 2.1.1 Description: The catalog's registry API is exposed on an unauthenticated path, allowing bypass of authorization. The vulnerable API endpoint is "GET /v2/ catalog/" which ca...

5.3CVSS7.6AI score0.00722EPSS
Exploits0References13
CNNVD
CNNVD
added 2021/01/06 12:0 a.m.9 views

Siemens Mendix Cross-Site Scripting Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration capabilities. A cross-site scripting vulnerability exists in Mendix SSO version 2.1.1 and prior versions, which stems from improper HTML...

6.1CVSS6.2AI score0.00715EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/11/04 1:25 a.m.5 views

freerdp: Integer overflow in VIDEO channel

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the serve...

6.9CVSS6AI score0.01349EPSS
Exploits0References4
OSV
OSV
added 2020/05/29 8:15 p.m.2 views

DEBIAN-CVE-2020-11043

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfxprocessmessagetileset. Invalid data fed to RFX decoder results in garbage on screen as colors. This has been patched in 2.1.0...

2.7CVSS6.7AI score0.01907EPSS
Exploits0References1
OSV
OSV
added 2020/05/29 7:15 p.m.2 views

UBUNTU-CVE-2020-11038

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the serve...

6.9CVSS7.2AI score0.01349EPSS
Exploits0References3
CNVD
CNVD
added 2019/10/29 12:0 a.m.2 views

Magento Input Validation Error Vulnerability (CNVD-2019-44999)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An input validation error vulnerability exists in Magento versions 2.3.1 before 2.3, 2.2.8 before 2.2, and 2.1.17...

6.5CVSS6.9AI score0.01881EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.5 views

PT-2019-7492 · Pippin Williamson · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6 Easy Digital Downloads EDD versions 1.9.x through 1.9.9 Easy Digital Downloads EDD versions 2.0.x through 2.0.4 Easy Digital Downloads EDD versions 2.1.x through 2.1.10 Easy Digital...

6.1CVSS6.1AI score0.00923EPSS
Exploits0References4
Rows per page
Query Builder