Lucene search
K

45 matches found

CNNVD
CNNVD
added 2024/01/31 12:0 a.m.3 views

openBI Code Issues Vulnerabilities

openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI prior to version 1.0.8, which stems from a problem in the index function of the /application/plugins/controller/Upload.php file, which could lead to unrestricted file uploads...

9.8CVSS6.9AI score0.00769EPSS
Exploits0References4
Snyk
Snyk
added 2023/10/13 9:30 a.m.2 views

Server-side Request Forgery (SSRF)

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the injection of arbitrary URLs. An attacker can read files outside the application's path boundary by forcing...

8.2CVSS7.4AI score0.00639EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/09/13 4:9 p.m.2 views

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

9.8CVSS7.3AI score0.01122EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2023/07/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-35078

Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names,...

10CVSS7.4AI score0.99999EPSS
Exploits14References1
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.4 views

KiteCMS 安全漏洞

KiteCMS is a website CMS. A security vulnerability exists in KiteCMS version 1.1, which stems from an incorrect access control issue that can be exploited by a remote attacker to view sensitive information via a path in the application URL...

7.5CVSS7.4AI score0.00887EPSS
Exploits1References2
OSV
OSV
added 2022/07/27 3:15 p.m.4 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS5.9AI score0.01453EPSS
Exploits0References2
NVD
NVD
added 2022/07/27 3:15 p.m.33 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS0.01453EPSS
Exploits0References2
OSV
OSV
added 2022/05/20 3:40 p.m.20 views

CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...

3.5CVSS4.6AI score0.01013EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/05/20 3:40 p.m.7 views

CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...

3.5CVSS5AI score0.01013EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/20 12:0 a.m.5 views

Nextcloud信息泄露漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that originates when the full path of an application is exposed to an unauthorized user...

4.3CVSS5.1AI score0.01013EPSS
Exploits1References5
OSV
OSV
added 2022/04/10 9:15 p.m.6 views

CVE-2022-27127

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php...

6.5CVSS6.7AI score0.00677EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/07 12:0 a.m.3 views

Unspecified vulnerability in CIPPlanner CIPAce (CNVD-2020-21813)

CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability to obtain the full application path and...

5.3CVSS6.8AI score0.00963EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/04/06 9:34 p.m.25 views

CVE-2020-11591

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name...

5.4AI score0.00963EPSS
Exploits1References1
Prion
Prion
added 2020/03/25 5:15 p.m.16 views

Code injection

DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...

7.2CVSS7.8AI score0.00601EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2019/12/18 2:15 p.m.29 views

CVE-2019-19235

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...

7CVSS7.2AI score0.00383EPSS
Exploits0References3
Prion
Prion
added 2019/12/18 2:15 p.m.22 views

Code injection

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...

6.9CVSS7.1AI score0.00383EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/12/18 1:6 p.m.27 views

CVE-2019-19235

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...

7.2AI score0.00383EPSS
Exploits0References3
CNVD
CNVD
added 2019/04/26 12:0 a.m.1 views

DLL Hijacking Vulnerability in Display Control Remote HMI

Shenzhen Xianzhong Technology is a national high-tech enterprise specializing in the research and development, production, sales and service of Industry 4.0 core products. There is a dll hijacking vulnerability in Remote HMI. Attackers can construct a malicious application placed in a specific...

7.2AI score
Exploits0
CNVD
CNVD
added 2017/10/30 12:0 a.m.2 views

dll hijacking vulnerability in Yisetron Data Security Guard

Yisetong Data Security Guard is a security product that specializes in preventing your private data assets from being illegally stolen or used by others in the process of sharing and storing. A dll hijacking vulnerability exists in Yisetone Data Safeguard. The vulnerability is due to an unsafe...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2016/08/05 1:59 a.m.29 views

CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...

4.7CVSS6.9AI score0.00245EPSS
Exploits0References3
Rows per page
Query Builder