Lucene search
+L

193 matches found

ATTACKERKB
ATTACKERKB
added 2022/08/29 2:15 p.m.2 views

CVE-2022-35018

Advancecomp v2.3 was discovered to contain a segmentation fault...

5.5CVSS5.9AI score0.00427EPSS
Exploits1References6
OSV
OSV
added 2022/08/19 5:15 p.m.4 views

CVE-2022-36577

An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin...

8.8CVSS5.8AI score0.0035EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.6 views

PT-2022-4147 · Siemens · Scalance W-700 +9

Name of the Vulnerable Software and Affected Versions: SCALANCE M-800 / S615 versions prior to V2.3.1 SCALANCE SC-600 family versions prior to V2.3.1 SCALANCE W-1700 IEEE 802.11ac family versions prior to V2.3.1 SCALANCE W-700 IEEE 802.11ax family versions prior to V2.3.1 SCALANCE W-700 IEEE...

9CVSS5.4AI score0.0081EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/06 1:15 p.m.2 views

CVE-2021-31677

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords...

6.5CVSS6.7AI score0.00561EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.6 views

PESCMS 跨站请求伪造漏洞

PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to delete the accounts of admin and other members...

6.5CVSS6.6AI score0.00536EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.3 views

Online Ordering System SQL注入漏洞

Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from /ordering/index.php?q=category&search=Lack of validation of external input SQL statement validation, an attack...

9.8CVSS6AI score0.01026EPSS
Exploits1References2
OSV
OSV
added 2022/05/14 3:57 a.m.1 views

GHSA-QF2H-H3XQ-J93J Jenkins allows Remote Users to Inject Build Parameters

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

6.5CVSS6.9AI score0.02124EPSS
Exploits0References8
OSV
OSV
added 2022/04/27 9:15 p.m.3 views

DEBIAN-CVE-2022-24891

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

6.1CVSS6AI score0.01688EPSS
Exploits1References1
OSV
OSV
added 2021/10/19 1:15 p.m.6 views

CVE-2021-38478

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...

9.1CVSS5.8AI score0.01091EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/10/07 8:12 p.m.5 views

CVE-2021-38480

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...

9.6CVSS7.1AI score0.00527EPSS
Exploits0References2
OSV
OSV
added 2021/08/12 11:15 p.m.6 views

PYSEC-2021-305

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS5.9AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2021/07/06 3:15 p.m.5 views

DEBIAN-CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...

7.5CVSS7.3AI score0.02199EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.5 views

WordPress plugin 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A PHP object injection vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...

8.8CVSS5.7AI score0.01967EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.5 views

PT-2021-2951 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a lack of protection for SQL query structures in the Magento Commerce platform, which can be...

9.1CVSS8.3AI score0.02772EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2020/12/10 7:7 p.m.7 views

c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2020-26268 via tensorflow-cpu (=2.3.1)

tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2020-26268 Source advisory: OSV:GHSA-HHVC-G5HV-48C6...

4.4CVSS5.8AI score0.00203EPSS
Exploits1
CNVD
CNVD
added 2020/11/25 12:0 a.m.7 views

News Script PHP Pro Cross-Site Scripting Vulnerability

News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site scripting vulnerability exists in News Script PHP Pro 2.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the editorname parameter...

6.1CVSS6.4AI score0.00859EPSS
Exploits0References1
PyPA
PyPA
added 2020/09/25 7:15 p.m.8 views

PYSEC-2020-122

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...

5.9CVSS7AI score0.00805EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/09/25 6:40 p.m.4 views

CVE-2020-15199

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...

5.9CVSS6.9AI score0.00805EPSS
Exploits1
CNVD
CNVD
added 2019/12/30 12:0 a.m.8 views

stb_image.h Assertion Failure Vulnerability

libsixel is a package that provides an encoding/decoding implementation for DEC SIXEL graphics and other converter programs. stbimage.h is an image library. A security vulnerability exists in stbimage.h version 2.23 used in libsixel and other products. No details of the vulnerability are provided...

6.5CVSS6.9AI score0.00935EPSS
Exploits1References1
CNVD
CNVD
added 2019/11/21 12:0 a.m.6 views

IBM Cloud Pak System Client Authentication Vulnerability

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak System version V2.3.0. An...

6.7AI score
Exploits0References1
Rows per page
Query Builder