Lucene search
K

279 matches found

CNNVD
CNNVD
added 2025/02/12 12:0 a.m.10 views

Loggrove 命令注入漏洞

Loggrove is a web platform service by olajowon individual developers. Loggrove suffers from a command injection vulnerability that stems from the path parameter of /read/?page=1&logfile=eee&match= contains an operating system command injection vulnerability...

6.5CVSS6.9AI score0.01362EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/02/10 12:0 a.m.243 views

CMU CERT/CC VINCE 2.0.6 Cross Site Scripting

Carnegie Mellon University CERT/CC VINCE version 2.0.6 framework suffers from an authenticated stored cross site scripting vulnerability. Input passed to the content POST parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code...

6.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/02/10 12:0 a.m.264 views

CMU CERT/CC VINCE v2.0.6 Stored XSS

Summary VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform. Description The framework suffers from an authenticated stored cross-site scripting...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 11:39 p.m.6 views

CVE-2022-41892

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...

9.8CVSS7.2AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:25 p.m.9 views

CVE-2024-52475

Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through 3.0.18...

9.8CVSS7.2AI score0.01825EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.4 views

WUZHI CMS 代码问题漏洞

WUZHI CMS is a PHP and MySQL based open source content management system CMS from WUZHI. A code issue vulnerability exists in WUZHI CMS version 4.1.0, which stems from the parameter sphinxhost/sphinxport being susceptible to server-side request forgery attacks...

5.3CVSS5.1AI score0.00478EPSS
Exploits1References1
NVD
NVD
added 2024/11/28 11:15 a.m.25 views

CVE-2024-52475

Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through 3.0.18...

9.8CVSS0.01825EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/28 10:34 a.m.228 views

CVE-2024-52475 WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through 3.0.18...

9.8CVSS0.01825EPSS
Exploits0References1
CVE
CVE
added 2024/11/28 10:34 a.m.63 views

CVE-2024-52475

CVE-2024-52475 refers to the WordPress Wawp plugin (

9.8CVSS7.2AI score0.01825EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.4 views

PT-2024-35315 · Unknown · Automation Web Platform Wawp

Name of the Vulnerable Software and Affected Versions: Automation Web Platform Wawp versions prior to 3.0.18 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in the Automation Web Platform Wawp. This vulnerability allows authentication...

9.8CVSS9.5AI score0.01825EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/11/18 12:0 a.m.7 views

The vulnerability of the final point of the Splunk Enterprise data model/web REST platform for operational analysis allows a malicious actor to trigger a service failure.

The vulnerability of the final point of the Splunk Enterprise data model/web REST platform for operational analysis is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially creat...

6.8CVSS5.7AI score0.00687EPSS
Exploits1References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.14 views

RHEL 5 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1803)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1803 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and ric...

5.8CVSS5.6AI score0.03201EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.13 views

RHEL 5 : JBoss Enterprise Web Platform 5.1.0 (RHSA-2010:0961)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2010:0961 advisory. The Enterprise Web Platform is for mid-size workloads, focusing on light and rich Java applications. Web Platform is a slimmed down profile of the...

2.6CVSS5.5AI score0.02611EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.14 views

RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/10/18 12:0 a.m.6 views

The vulnerability of the mp_box_deserialize_string component in the Virtuoso-opensource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the mpboxdeserializestring component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially...

7.8CVSS7.3AI score0.00905EPSS
Exploits1References5Affected Software3
OSV
OSV
added 2024/09/29 4:46 p.m.21 views

RHSA-2014:1728 Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update

Bulletin has no description...

4.3CVSS7.3AI score0.08863EPSS
Exploits0References7
OSV
OSV
added 2024/09/29 4:43 p.m.19 views

RHSA-2013:0874 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update

Bulletin has no description...

6.4CVSS5.5AI score0.06322EPSS
Exploits0References10
OSV
OSV
added 2024/09/29 4:35 p.m.18 views

RHSA-2013:0197 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

Bulletin has no description...

10CVSS6.5AI score0.15561EPSS
Exploits7References63
OSV
OSV
added 2024/09/29 4:35 p.m.23 views

RHSA-2013:0196 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

Bulletin has no description...

10CVSS6.5AI score0.15561EPSS
Exploits7References63
OSV
OSV
added 2024/09/29 4:30 p.m.14 views

RHSA-2011:1804 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update

Bulletin has no description...

5.8CVSS6.1AI score0.03201EPSS
Exploits1References10
Rows per page
Query Builder