Lucene search

126 matches found

Apache Tomcat
added 2023/08/25 12:0 a.m., 131 views

Fixed in Apache Tomcat 9.0.80

Moderate: Open redirect CVE-2023-41080. If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice. This was fixed with commit 77c0ce2d. This issue was reported ...

6.1 CVSS, 6.6 AI score, 0.05972 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2023/05/24 10:31 a.m., 23 views

CVE-2023-2865 SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php sql injection

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It is possible to initiate...

6.5 CVSS, 9.9 AI score, 0.00726 EPSS
Exploits: 1, References: 3

Openbugbounty
added 2023/05/13 10:34 a.m., 12 views

formigal-panticosa.com Cross Site Scripting vulnerability OBB-3329859

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0

Positive Technologies
added 2023/04/05 12:0 a.m., 4 views

PT-2023-16736 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.5 through 15.8.4; GitLab versions 15.9 through 15.9.3; GitLab versions 15.10 through 15.10.0. Description: An issue has been discovered in GitLab due to improper permissions checks, allowing an unauthorized user to remove an...

4.3 CVSS, 4.2 AI score, 0.00407 EPSS
Exploits: 0, References: 10

NVD
added 2022/12/22 8:15 p.m., 16 views

CVE-2022-34474

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

6.1 CVSS, 0.00406 EPSS
Exploits: 0, References: 2

OSV
added 2022/11/15 12:0 p.m., 3 views

GHSA-MR77-4PM4-X9VM Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module

A Cross-site scripting (XSS) vulnerability in the Portal Search module before 6.0.12 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag...

6.1 CVSS, 6.2 AI score, 0.0115 EPSS
Exploits: 0, References: 6

OSV
added 2022/10/17 12:15 p.m., 1 views

BELL-CVE-2022-3541 CVE-2022-3541 does not affect BellSoft software

Bulletin has no description...

7.8 CVSS, 7.3 AI score, 0.00334 EPSS
Exploits: 0, References: 1

OpenWrt
added 2022/10/17 12:0 a.m., 156 views

Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722)

DESCRIPTION: Multiple vulnerabilities were found in the Linux Kernel mac80211 and cfg80211 framework. OpenWrt takes the mac80211 and cfg80211 framework from the wireless backports project which copies it from a more recent Linux kernel version. These vulnerabilities are in the multi BSSID (MBSSID)...

8.8 CVSS, 8.8 AI score, 0.03763 EPSS
Exploits: 5

vulnersOsv
added 2022/09/16 9:25 p.m., 3 views

aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35995 via tensorflow (>=2.9.0 <=2.9.0rc2)

tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35995 Source advisory: OSV:GHSA-G9H5-VR8M-X2H4...

7.5 CVSS, 7.1 AI score, 0.00396 EPSS
Exploits: 0

Vulnrichment
added 2022/09/14 5:3 p.m., 5 views

CVE-2022-29922 A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the...

7.5 CVSS, 7.5 AI score, 0.00672 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2022/05/24 7:19 p.m., 5 views

ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +7525 more potentially affected by CVE-2021-22096 via org.springframework:spring-core (>=5.2.0.RELEASE <=5.2.17.RELEASE)

org.springframework:spring-core MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.0.RELEASE, =2.3.1.RELEASE and more Source cves:...

4.3 CVSS, 6.6 AI score, 0.01268 EPSS
Exploits: 0

OSV
added 2022/04/29 5:15 p.m., 1 views

BELL-CVE-2021-4207 CVE-2021-4207 does not affect BellSoft software

Bulletin has no description...

8.2 CVSS, 5.8 AI score, 0.00399 EPSS
Exploits: 1, References: 1

Openbugbounty
added 2022/04/01 10:32 p.m., 13 views

chartes.psl.eu Cross Site Scripting vulnerability OBB-2459972

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Tenable Nessus
added 2022/03/14 12:0 a.m., 133 views

Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection DoS (cisco-sa-nxos-bfd-dos-wGQXrzxn)

According to its self-reported version, Cisco NX-OS Software for Cisco Nexus 9000 Series Switches is affected by a denial of service vulnerability. The vulnerability exists in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series...

8.6 CVSS, 7.7 AI score, 0.12345 EPSS
Exploits: 0, References: 4

vulnersOsv
added 2022/02/09 6:28 p.m., 3 views

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-21726 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-21726 Source advisory: OSV:GHSA-23HM-7W47-XW72...

8.8 CVSS, 7.2 AI score, 0.00818 EPSS
Exploits: 1

Openbugbounty
added 2022/01/15 5:10 p.m., 24 views

blog.stellantisnorthamerica.com Cross Site Scripting vulnerability OBB-2336959

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

OSV
added 2021/12/26 1:15 a.m., 2 views

CVE-2021-45507

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and...

9.8 CVSS, 5.8 AI score, 0.01418 EPSS
Exploits: 0, References: 1

OpenVAS
added 2021/12/15 12:0 a.m., 22 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2021)

This host is missing a critical security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.8 CVSS, 6 AI score, 0.05056 EPSS
Exploits: 0, References: 1

OSV
added 2021/12/09 12:0 a.m., 25 views

GHSA-R562-M862-63W3 APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...

7.8 CVSS, 7.8 AI score, 0.00208 EPSS
Exploits: 0, References: 3

CBLMariner
added 2021/08/11 6:39 a.m., 17 views

CVE-2021-22923 affecting package curl 7.76.0-9

CVE-2021-22923 affecting package curl 7.76.0-9. A patched version of the package is available...

5.3 CVSS, 9.9 AI score, 0.01843 EPSS
Exploits: 1