Lucene search
K

207 matches found

CNNVD
CNNVD
added 2024/07/12 12:0 a.m.3 views

SeaCMS 安全漏洞

SeaCMS is an open source content management system based on PHP+MySql technology. A security vulnerability exists in the SeaCMS adminweixin.php processing parameter, which can be exploited by an authenticated remote attacker to submit a special request that can be used to execute arbitrary comman...

8.8CVSS7.4AI score0.01165EPSS
Exploits1References2
Veracode
Veracode
added 2024/05/28 4:57 a.m.22 views

Code Injection

pug is vulnerable to Code execution. The vulnerability is due to the lack of proper input validation for the name option in the compileClient, compileFileClient, or compileClientWithDependenciesTracked functions, which allows attackers to execute arbitrary JavaScript code in the context of the...

6.8CVSS7.6AI score0.00491EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2024/05/06 4:15 p.m.23 views

CVE-2024-34089

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When...

7.3CVSS6.5AI score0.00461EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 8:15 a.m.10 views

CVE-2024-23914

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MCOpenAssociation function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception...

5.7CVSS7.2AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.4 views

Merative Merge DICOM Toolkit 安全漏洞

The Merative Merge DICOM Toolkit is a comprehensive API from Merative that complies with the latest DICOM standards. A security vulnerability exists in Merative Merge DICOM Toolkit C/C++ versions v5.6.0 through v.5.17.0, which stems from an unhandled exception that can be caused when using the...

5.7CVSS6.9AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/20 12:0 a.m.4 views

YonBIP 安全漏洞

YonBIP is a new generation of products developed by UFIDA, as the world's leading enterprise digital intelligence platform and application software. A file upload vulnerability exists in YonBIP, which can be exploited by an attacker to upload arbitrary files and execute arbitrary code in the...

9.8CVSS7.7AI score0.0099EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2024/01/19 12:0 a.m.14 views

Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...

6.3CVSS7.2AI score0.01798EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/01/19 12:0 a.m.13 views

Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...

6.3CVSS7.2AI score0.00507EPSS
Exploits0References1
Source Incite
Source Incite
added 2023/11/08 12:0 a.m.260 views

SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS9.8AI score0.80819EPSS
Exploits15
CNVD
CNVD
added 2023/10/07 12:0 a.m.11 views

emlog pro /admin/plugin.php arbitrary file upload vulnerability

emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /admin/plugin.php, which can be exploited by a remote attacker to submit a special request that can upload a malicious file to execute arbitrary code in the application...

9.8CVSS7.9AI score0.19064EPSS
Exploits1References1
CNVD
CNVD
added 2023/10/07 12:0 a.m.16 views

File upload vulnerability in mojoPortal

mojoPortal is a cross-platform object-oriented web framework . A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

9.8CVSS7.8AI score0.01395EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2023/09/08 12:0 a.m.19 views

Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTAAccessUPass method. The issue results from an exposed...

7.5CVSS6.3AI score0.0094EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.3 views

Adobe ColdFusion 代码问题漏洞

Adobe ColdFusion is the United States of America Odo than Adobe company's set of rapid application development platform. Adobe ColdFusion suffers from a deserialization code execution vulnerability that can be exploited by a remote attacker to submit a special request to execute arbitrary code in...

9.8CVSS8.2AI score0.65488EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2023/05/24 12:0 a.m.20 views

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Data...

6.1CVSS6.8AI score0.01873EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/06 12:0 a.m.21 views

Schneider Electric IGSS Data Server Integer Overflow Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An integer overflow vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to submit special requests that could crash the...

9.5AI score0.02124EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/02/06 12:0 a.m.33 views

Apache InLong Deserialization Vulnerability (CNVD-2023-25934)

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. Apache InLong suffers from a deserialization vulnerability that can be exploited by a remote attacker to submit a special request and execute arbitrary code in the application context...

9.8CVSS9.6AI score0.01409EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.2 views

Dell EMC Metro node 代码注入漏洞

Dell EMC Metro node is a Dell Dell USA application that removes physical barriers within, across, and between data centers. Dell EMC Metro node code injection vulnerability can be exploited by remote attackers to submit special requests to execute arbitrary OS commands in the application context...

8.8CVSS7.8AI score0.00833EPSS
Exploits0References2
CNVD
CNVD
added 2022/12/19 12:0 a.m.38 views

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2023-05213)

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a memory corruption vulnerability that could be exploited by remote attackers to submit special web requests and trick users into parsing them, which could crash the application or execute...

6.2AI score0.00639EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.5 views

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a memory corruption vulnerability that could be exploited by remote attackers to submit special web requests and trick users into parsing them, which could crash the application or execute...

8.8CVSS9.1AI score0.00639EPSS
Exploits0References11
CNVD
CNVD
added 2022/07/26 12:0 a.m.25 views

H3C Magic R200 Buffer Overflow Vulnerability (CNVD-2022-54322)

H3C Magic R200 is a wireless router device. H3C Magic R200 AJAX/ajaxget processing ajaxmsg parameter has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests that can crash the service or execute arbitrary code in application context...

9.8CVSS7.5AI score0.00992EPSS
Exploits1References1
Rows per page
Query Builder