Lucene search
+L

200 matches found

redhatcve
redhatcve
added 2025/05/23 6:41 a.m.9 views

CVE-2024-52348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through = 1.0...

6.5CVSS7.2AI score0.00238EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/04/25 11:51 p.m.6 views

CVE-2025-24583

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.16.5...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References1
nvd
nvd
added 2025/04/17 4:15 p.m.5 views

CVE-2025-24583

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.16.5...

6.5CVSS0.00366EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 2:47 a.m.6 views

CVE-2024-33544

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10...

9.3CVSS5.5AI score0.00629EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 2:45 a.m.12 views

CVE-2024-33546

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10...

9.6CVSS5.6AI score0.00529EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 2:41 a.m.14 views

CVE-2024-33547

Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10...

8.8CVSS6.9AI score0.00387EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 2:34 a.m.6 views

CVE-2024-33549

Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10...

8.8CVSS6.9AI score0.00512EPSS
Exploits0References1
ossf
ossf
added 2024/11/27 6:19 a.m.2 views

Malicious code in aa-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd321f0852dcc9dfd3186bbde3c8ba367be98c8f8f47d93954672d5f7c702bf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
nvd
nvd
added 2024/11/18 10:15 p.m.25 views

CVE-2024-52348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through = 1.0...

6.5CVSS0.00238EPSS
Exploits0References1
cve
cve
added 2024/11/18 9:41 p.m.53 views

CVE-2024-52348

CVE-2024-52348 is an XSS vulnerability in the WordPress plugin AA Audio Player (“aaextention”), described as DOM-based XSS caused by improper input neutralization during web page generation. Affected versions are listed as n/a through 1.0. Public sources in the Connected documents reiterate the s...

6.5CVSS7.2AI score0.00238EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/11/18 12:0 a.m.3 views

WordPress plugin AA Audio Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.7AI score0.00238EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/18 12:0 a.m.6 views

PT-2024-35189 · Unknown · Aa Audio Player

Name of the Vulnerable Software and Affected Versions: AA Audio Player versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a DOM-Based XSS vulnerability. This means...

6.5CVSS5.9AI score0.00238EPSS
Exploits0References4
ossf
ossf
added 2024/10/24 10:49 p.m.2 views

Malicious code in viem-aa-sdk-compatible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bec68a21bfe31654a412ae6b261f9af4acb88ddd4bf645499f7e6ea15cc3c255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2024/10/24 10:49 p.m.2 views

MAL-2024-10234 Malicious code in viem-aa-sdk-compatible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bec68a21bfe31654a412ae6b261f9af4acb88ddd4bf645499f7e6ea15cc3c255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
vulnersosv
vulnersosv
added 2024/10/15 6:49 a.m.6 views

01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +3120 more potentially affected by CVE-2024-47874 via starlette (>=0.10.1 <=0.39.2)

starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2024-47874 Source advisory: SNYK:PYTHON-STARLETTE-8186175...

8.7CVSS7.1AI score0.00658EPSS
Exploits0
vulnersosv
vulnersosv
added 2024/09/16 5:19 p.m.8 views

BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2299 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)

lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2326-PFPJ-VX3H...

5.7AI score
Exploits0
cve
cve
added 2024/07/03 12:0 a.m.54 views

CVE-2024-39220

CVE-2024-39220 affects BAS-IP AV-, AA-, BA-, and CR-02BD products (before firmware v3.9.2). An authenticated attacker can read SIP account passwords via a crafted GET request, exposing SIP credentials (confidentiality impact high). The vulnerability is exploitable over network with low complexity...

6.5CVSS6.7AI score0.0044EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/07/03 12:0 a.m.5 views

Various BAS-IP products Security breaches

BAS-IP AV Series and others are products of BAS-IP Corporation.BAS-IP AV Series is a series of smart personal entrance panels.BAS-IP AA Series is a series of smart apartment entrance panels.BAS-IP BA Series is a series of visual intercom outdoor entrance panels. A security vulnerability exists in...

6.5CVSS6.5AI score0.0044EPSS
Exploits0References3
cve
cve
added 2024/06/21 12:0 a.m.51 views

CVE-2024-37654

CVE-2024-37654 affects BAS-IP AV-01D/AV-01MD/AV-01MFD/AV-01ED/AV-01KD/AV-01BD/AV-01KBD/AV-02D/AV-02IDE/AV-02IDR/AV-02IPD/AV-02FDE/AV-02FDR/AV-03D/AV-03BD/AV-04AFD/AV-04ASD/AV-04FD/AV-04SD/AV-05FD/AV-05SD/AA-07BD/AA-07BDI/BA-04BD/BA-04MD/BA-08BD/BA-08MD/BA-12BD/BA-12MD/CR-02BD before version 3.9.2...

6.1CVSS6.4AI score0.00243EPSS
Exploits0References1
nvd
nvd
added 2024/06/09 12:15 p.m.28 views

CVE-2024-33547

Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10...

8.8CVSS0.00387EPSS
Exploits0References1
Rows per page
Query Builder