Lucene search
K

86 matches found

Prion
Prion
added 2023/01/06 10:15 a.m.20 views

Path traversal

A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The nam...

5CVSS5.5AI score0.00655EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/01/06 12:0 a.m.22 views

Improper Restriction of XML External Entity Reference

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...

9.8CVSS3.2AI score0.00731EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2023/01/05 7:15 p.m.23 views

CVE-2014-125044 soshtolsus wing-tight index.php file inclusion

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this...

6.5CVSS9.7AI score0.00826EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/01/05 11:49 a.m.50 views

CVE-2017-20162 vercel ms index.js parse redos

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

4.3CVSS5.8AI score0.00981EPSS
Exploits1References5
Prion
Prion
added 2023/01/05 9:15 a.m.14 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/installform.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely...

5.8CVSS6AI score0.00507EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/01/05 9:9 a.m.38 views

CVE-2020-36640 bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...

5.5CVSS9.6AI score0.00764EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/04 10:2 p.m.27 views

CVE-2022-4876 Kaltura mwEmbed DefaultSettings.php cross site scripting

A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTPXFORWARDEDHOST leads to cross site scripting. The attack may be initiated remotely...

4CVSS6.2AI score0.0051EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/04 9:14 p.m.35 views

CVE-2021-4300 ghostlander Halcyon Block Verification main.cpp AddToBlockIndex access control

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched...

6.5CVSS9.8AI score0.00658EPSS
Exploits0References4
Prion
Prion
added 2023/01/02 4:15 p.m.14 views

Code injection

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

7.5CVSS8AI score0.0086EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/01/01 7:15 p.m.18 views

CVE-2021-4297

A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runspost of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is...

9.8CVSS6.7AI score0.00627EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/29 8:8 a.m.26 views

CVE-2021-4295 ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. T...

5.5CVSS9.8AI score0.00716EPSS
Exploits0References5
Prion
Prion
added 2022/12/28 12:15 p.m.10 views

Cross site scripting

A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this...

5.8CVSS6AI score0.0053EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/12/27 3:15 p.m.21 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation...

5.8CVSS6.1AI score0.00879EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/12/25 7:20 p.m.28 views

CVE-2020-36630 FreePBX cdr Cdr.class.php ajaxHandler sql injection

A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of t...

5.5CVSS10AI score0.00679EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/25 3:53 p.m.36 views

CVE-2021-4278 cronvel tree-kit prototype pollution

A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...

5.5CVSS7.9AI score0.00427EPSS
Exploits0References4
Prion
Prion
added 2022/12/22 10:15 a.m.18 views

Design/Logic Flaw

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...

5.8CVSS6.4AI score0.00573EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/12/22 12:30 a.m.18 views

GHSA-6M4H-HFPP-X8CX docconv OS Command Injection vulnerability

A vulnerability was found in docconv prior to version 1.2.1. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdfocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to...

9.8CVSS9.9AI score0.01734EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/12/22 12:30 a.m.35 views

docconv OS Command Injection vulnerability

A vulnerability was found in docconv prior to version 1.2.1. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdfocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to...

9.8CVSS9.6AI score0.01734EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2022/12/21 12:0 a.m.26 views

CVE-2021-4269 SimpleRisk common.js checkAndSetValidation cross site scripting

A vulnerability has been found in SimpleRisk and classified as problematic. This vulnerability affects the function checkAndSetValidation of the file simplerisk/js/common.js. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

3.5CVSS6.2AI score0.00468EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/21 12:0 a.m.18 views

CVE-2022-4642 tatoeba2 Profile Name cross site scripting

A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

3.5CVSS5.5AI score0.00508EPSS
Exploits0References4
Rows per page
Query Builder