Lucene search
K

24 matches found

OSV
OSV
added 2026/06/21 8:16 p.m.3 views

UBUNTU-CVE-2026-12805

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

6.3CVSS6.4AI score0.00279EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.10 views

CVE-2022-31298

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

5.4CVSS6.4AI score0.01149EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.7 views

CVE-2022-31299

Haraj v3.7 was discovered to contain a reflected cross-site scripting XSS vulnerability in the User Upgrade Form...

6.1CVSS6.1AI score0.04731EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2025/12/13 4:16 p.m.3 views

CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

6.5CVSS6.4AI score0.00233EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.7 views

CVE-2024-33102

A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...

5.4CVSS5.2AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.8 views

CVE-2023-46134

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...

9.8CVSS7.2AI score0.00756EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.8 views

CVE-2023-41887

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue...

9.8CVSS7.9AI score0.45473EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:33 a.m.4 views

CVE-2023-27779

AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form...

9.8CVSS8.3AI score0.00984EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 p.m.8 views

CVE-2020-23735

In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges...

7.8CVSS7AI score0.00307EPSS
Exploits0
CVE
CVE
added 2025/04/28 12:0 a.m.78 views

CVE-2025-46614

The CVE-2025-46614 issue affects the Snowflake ODBC Driver prior to 3.7.0, where certain code paths log the entire SQL query at INFO level, enabling potential exposure of sensitive information. This vulnerability has a low base score (CVSS 3.1: 3.3) with LOCAL, LOW impact on confidentiality and n...

3.3CVSS7.7AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 9:15 p.m.10 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

5.9CVSS0.00403EPSS
Exploits1References3
NVD
NVD
added 2025/04/15 7:16 p.m.13 views

CVE-2025-29213

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...

5.5CVSS0.00297EPSS
Exploits1References1
CVE
CVE
added 2025/04/15 12:0 a.m.54 views

CVE-2024-44843

CVE-2024-44843 affects SteVe v3.7.1. The issue is in the WebSocket handshake process, enabling an attacker to bypass authentication and deliver crafted OCPP requests to execute arbitrary commands. Documented impact includes authentication bypass and potential command execution on the affected ser...

5.9CVSS8AI score0.00403EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/04/15 12:0 a.m.58 views

CVE-2025-29213

CVE-2025-29213 affects JeeWMS v3.7 in the service migrate module, specifically the MigrateForm.java component. The vulnerability is a zip-slip flaw that can lead to arbitrary code execution when processing crafted ZIP files. Documents consistently name the vulnerable path as \service\migrate\Migr...

5.5CVSS7.4AI score0.00297EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/05 9:1 p.m.11 views

CVE-2025-27500

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint/api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...

8.2CVSS6.3AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.4 views

WordPress plugin LTL Freight Quotes SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.5CVSS8AI score0.00956EPSS
Exploits3References2
Cvelist
Cvelist
added 2024/12/06 1:7 p.m.20 views

CVE-2024-51615 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through = 3.7...

9.3CVSS0.00449EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/21 12:0 a.m.5 views

OpenText NetIQ Privileged Account Manager 安全漏洞

OpenText NetIQ Privileged Account Manager is a customer management software from OpenText Canada. A security vulnerability exists in OpenText NetIQ Privileged Account Manager versions prior to 3.7.0.1, which originates from a cookie that is set when a token is successfully issued, which allows...

8.7CVSS6.7AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2024/07/16 12:0 a.m.6 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

9.8CVSS8.2AI score0.0051EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.4 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is an application from zscaler. An application that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...

5.3CVSS6.6AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder