
537 matches found

CNNVD
added 2022/12/31 12:0 a.m. · 3 views

Keynote cross-site scripting vulnerability

Keynote is a flexible Rails presenter from Ryan Fitzgerald Personal Developer. A cross-site scripting vulnerability exists in Keynote version 0.x and prior versions, which stems from incorrect manipulation of the parameter value leading to cross-site scripting...

CVSS 6.1 · AI score 4.3 · EPSS 0.00682
Exploits 0 · References 5

CNNVD
added 2022/12/16 12:0 a.m. · 4 views

AeroCMS path traversal vulnerability

AeroCMS is a content management system from AeroCMS Inc. in the United States. AeroCMS version v0.0.1 suffers from a security vulnerability that stems from vulnerability to directory traversal attacks, which can be exploited by attackers to obtain sensitive information...

CVSS 7.5 · AI score 7.4 · EPSS 0.01416
Exploits 1 · References 2

CNNVD
added 2022/12/06 12:0 a.m. · 4 views

py7zr path traversal vulnerability

py7zr is a library and utility program by the individual developer Hiroshi Miura. It supports compression, decompression, encryption and decryption of 7zip archives written in the Python programming language. A security vulnerability exists in py7zr version v0.20.0 and earlier versions. An attack...

CVSS 9.1 · AI score 8.4 · EPSS 0.02242
Exploits 3 · References 7

CNNVD
added 2022/11/22 12:0 a.m. · 3 views

AeroCMS SQL injection vulnerability

AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the edit parameter of its admincategories.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed...

CVSS 4.9 · AI score 7.8 · EPSS 0.00775
Exploits 1 · References 3

CNNVD
added 2022/11/18 12:0 a.m. · 4 views

WordPress plugin Mantenimiento Web cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Mantenimiento Web 0.13 and earlier versions are vulnerable to cross-site request forgery,...

CVSS 6.1 · AI score 6.5 · EPSS 0.00216
Exploits 0 · References 2

Vulnrichment
added 2022/11/07 12:0 a.m. · 3 views

CVE-2022-44051

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0...

AI score 9.8 · EPSS 0.01012
Exploits 0 · References 3

Positive Technologies
added 2022/11/07 12:0 a.m. · 7 views

PT-2022-27091 · Pypi · D8S-Networking +2

Name of the Vulnerable Software and Affected Versions: d8s-networking version 0.1.0 d8s-htm version 0.1.0 Description: The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by thi...

CVSS 9.8 · AI score 9.6 · EPSS 0.00991
Exploits 0 · References 6

ATTACKERKB
added 2022/10/31 3:54 p.m. · 4 views

CVE-2022-38075

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin = 0.13 on WordPress...

CVSS 6.1 · AI score 6.4 · EPSS 0.00216
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/10/17 12:0 a.m. · 7 views

PT-2022-20682 · WordPress · Search Logger

Name of the Vulnerable Software and Affected Versions: Search Logger WordPress plugin versions 0.9 and earlier Description: The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be...

CVSS 7.2 · AI score 7.1 · EPSS 0.00921
Exploits 2 · References 4

PyPA
added 2022/10/11 10:15 p.m. · 5 views

PYSEC-2022-43040

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

CVSS 9.8 · AI score 7 · EPSS 0.01168
Exploits 1 · References 4 · Affected Software 1

PyPA
added 2022/10/11 10:15 p.m. · 4 views

PYSEC-2022-43022

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

CVSS 9.8 · AI score 7 · EPSS 0.01168
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/10/11 10:15 p.m. · 5 views

PYSEC-2022-43030

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

CVSS 9.8 · AI score 7.2 · EPSS 0.01168
Exploits 1 · References 3

OSV
added 2022/10/11 10:15 p.m. · 5 views

PYSEC-2022-43019

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...

CVSS 9.8 · AI score 7.2 · EPSS 0.0483
Exploits 1 · References 3

Positive Technologies
added 2022/10/11 12:0 a.m. · 4 views

PT-2022-25833 · Pypi · Democritus-File-System +1

Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. Recommendations: For...

CVSS 9.8 · AI score 9.5 · EPSS 0.01168
Exploits 1 · References 8

CNNVD
added 2022/09/20 12:0 a.m. · 3 views

wasm3 buffer error vulnerability

wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A buffer error vulnerability exists in wasm3 version v0.5.0, which stems from the opSelecti32sr component containing a segmentation error...

CVSS 7.5 · AI score 7.4 · EPSS 0.00762
Exploits 1 · References 2

ATTACKERKB
added 2022/09/19 4:15 p.m. · 2 views

CVE-2022-40430

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

CVSS 9.8 · AI score 7.3 · EPSS 0.0099
Exploits 1 · References 3

ATTACKERKB
added 2022/09/19 4:15 p.m. · 2 views

CVE-2022-38882

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8 · AI score 5.8 · EPSS 0.01187
Exploits 1 · References 4

OSV
added 2022/09/19 4:15 p.m. · 1 view

PYSEC-2022-43076

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 3

ATTACKERKB
added 2022/09/19 3:15 p.m. · 3 views

CVE-2022-40808

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

CVSS 9.8 · AI score 7.3 · EPSS 0.0099
Exploits 1 · References 3

Positive Technologies
added 2022/09/19 12:0 a.m. · 3 views

PT-2022-37368 · Pypi · D8S-Dates +1

Name of the Vulnerable Software and Affected Versions: d8s-dates version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-dates package for python, distributed on PyPI. The backdoor is related to the democritus-hypothesis package. Recommendations:...

CVSS 9.8 · AI score 7
Exploits 0 · References 3