Lucene search
+L

279 matches found

CVE
CVE
added 2023/11/29 7:57 p.m.49 views

CVE-2023-44383

Summary: CVE-2023-44383 affects October CMS versions affected by stored XSS when SVGs are uploaded to the Media Manager. What’s affected: October CMS (versions 3.0–3.5.x per sources) where the media manager stores SVG files. Root cause: Inadequate validation/ sanitization of uploaded SVG content ...

5.4CVSS5.2AI score0.0041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/25 7:29 p.m.41 views

CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

9CVSS9.6AI score0.01741EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/10/05 12:0 a.m.8 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to memory access after it is freed, allows attackers to execute arbitrary code.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit lies in the access to memory after it has been freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.9AI score0.00844EPSS
Exploits0References11Affected Software12
Tenable Nessus
Tenable Nessus
added 2023/09/21 12:0 a.m.35 views

Oracle Essbase Multiple Vulnerabilities (October 2022 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2022 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in Oracle Essbase component: Build cURL. The supported version that is affecte...

8.5CVSS7.1AI score0.97906EPSS
Exploits10References4
BDU FSTEC
BDU FSTEC
added 2023/08/08 12:0 a.m.7 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, macOS, watchOS, Safari browser allows a perpetrator to execute arbitrary code.

The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.01102EPSS
Exploits0References11Affected Software10
BDU FSTEC
BDU FSTEC
added 2023/08/07 12:0 a.m.7 views

The vulnerability of the web platform used for creating ZKBio Access lVS control and access management systems lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10CVSS8.2AI score0.00504EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/07 12:0 a.m.7 views

The vulnerability in the web platform used for creating ZKBio Access lVS control and access management systems stems from errors in processing the relative path to the catalog. This allows a hacker to gain access to and read arbitrary files.

The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to arbitrary files...

7.8CVSS7.3AI score0.00603EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

ZKTeco BioAccess IVS SQL Injection Vulnerability

ZKTeco BioAccess IVS is a lite Web-based security platform from China-based ZKTeco. A SQL injection vulnerability exists in ZKTeco BioAccess IVS v3.3.1, which originates from allowing an authenticated user to inject arbitrary SQL commands and execute arbitrary SQL commands...

9.8CVSS8.3AI score0.00504EPSS
Exploits0References3
CVE
CVE
added 2023/07/18 8:22 p.m.52 views

CVE-2023-37897

Grav SSTI CVE-2023-37897 affects Grav’s Twig engine due to a denial-list bypass introduced in the fix for a prior SSTI vulnerability. The isDangerousFunction() function returns false when a backslash is found, allowing payloads such as {{ ['id'] | map('\system') | join() }} to bypass the denylist...

8.8CVSS8AI score0.02785EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/07/18 8:22 p.m.25 views

CVE-2023-37897 Server-side Template Injection (SSTI) in grav

Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection SSTI vulnerability. The fix for another SSTI vulnerability using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces bypass of the denylist due to incorrect return value fr...

7.2CVSS8.7AI score0.02785EPSS
Exploits1References5
Prion
Prion
added 2023/06/14 11:15 p.m.14 views

Design/Logic Flaw

Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- 1 using unsafe functions that are not...

5.8CVSS7.2AI score0.02074EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2023/06/14 10:15 p.m.15 views

Remote code execution

Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument...

5.8CVSS7.1AI score0.02074EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/05/25 6:15 p.m.26 views

CVE-2023-30615

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious...

6.3CVSS5.9AI score0.00382EPSS
Exploits0References2
CNVD
CNVD
added 2023/05/05 12:0 a.m.17 views

Pimcore Properties Parameter Cross-Site Scripting Vulnerability

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...

5.4CVSS6.1AI score0.00563EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 5:15 a.m.31 views

CVE-2023-26123

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting XSS such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscriptenrunscript...

6.1CVSS6.2AI score0.00584EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.6 views

PT-2023-20504 · Raysan5 · Raylib

Name of the Vulnerable Software and Affected Versions: raysan5/raylib versions prior to 4.5.0 Description: The issue is related to Cross-site Scripting XSS where the SetClipboardText API does not properly escape the character, allowing attacker-controlled input to break out of the string and...

6.1CVSS6.1AI score0.00584EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.6 views

XWiki Platform 跨站请求伪造漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from XWiki France. XWiki Platform suffers from a cross-site request forgery vulnerability that stems from susceptibility to cross-site request forgery CSRF attacks. An attacker could exploit the vulnerability ...

7.4CVSS7.1AI score0.00278EPSS
Exploits0References3
NVD
NVD
added 2022/11/11 4:15 a.m.14 views

CVE-2022-41892

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...

9.8CVSS0.0055EPSS
Exploits0References1
Prion
Prion
added 2022/11/11 4:15 a.m.15 views

Sql injection

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...

7.5CVSS9.3AI score0.0055EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/11 4:15 a.m.22 views

PYSEC-2022-42985

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...

9.8CVSS7.5AI score0.0055EPSS
Exploits0References1
Rows per page
Query Builder