
852 matches found

OSV
added 2025/07/28 7:57 p.m. | 6 views

GO-2025-3807 Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast

Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast...

AI score: 7.5
Exploits: 0 | References: 3
VulnCheck KEV
added 2025/06/02 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2025-35939

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.01119
Exploits: 0 | References: 1
Veracode
added 2025/05/27 4:52 a.m. | 6 views

Server Side Request Forgery (SSRF)

dotnetnuke.siteexportimport is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation where the SuperUser can specify an external URL during site export, which allows an attacker to import arbitrary data from external sources into the system...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00214
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/05/23 9:12 a.m. | 5 views

CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...

CVSS: 9 | AI score: 7.4 | EPSS: 0.00538
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:40 a.m. | 6 views

CVE-2024-10861

The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatepluginoption function in all versions up to, and including, 4.9.7. This makes it possible for...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00378
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 6:30 a.m. | 9 views

CVE-2024-20882

Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to access arbitrary data...

CVSS: 4.6 | AI score: 6.6 | EPSS: 0.0022
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:39 a.m. | 5 views

CVE-2023-0944

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00477
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 4:9 a.m. | 7 views

CVE-2023-47444

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.01779
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 9:7 p.m. | 7 views

CVE-2021-45909

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00867
Exploits: 1
RedhatCVE
added 2025/05/22 9:5 p.m. | 22 views

CVE-2021-24219

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.02076
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 4:12 p.m. | 6 views

CVE-2020-22061

SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00318
Exploits: 1
RedhatCVE
added 2025/05/22 3:42 p.m. | 6 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

CVSS: 10 | AI score: 7 | EPSS: 0.11576
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:22 p.m. | 6 views

CVE-2020-25250

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00908
Exploits: 0
RedhatCVE
added 2025/05/22 12:58 p.m. | 10 views

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.01061
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:22 a.m. | 5 views

CVE-2019-9748

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompressnlabel in mdns.c and a crash of the server depending on the memory protection...

CVSS: 9.4 | AI score: 7 | EPSS: 0.02418
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 5:55 a.m. | 6 views

CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.01295
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 5:45 a.m. | 4 views

CVE-2010-1004

SQL injection vulnerability in the Yet another TYPO3 search engine YATSE extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.01051
Exploits: 0 | References: 1
CNNVD
added 2025/05/13 12:0 a.m. | 2 views

Siemens Polarion Code Issue Vulnerability

Siemens Polarion is a suite of application lifecycle management software from Siemens, Germany. The software supports end-to-end enterprise application development on a unified, modular, browser-based software environment. A code issue vulnerability exists in Siemens Polarion that stems from an X...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00448
Exploits: 0 | References: 1
CNVD
added 2025/04/18 12:0 a.m. | 3 views

Patient Record Management System edit_dpatient.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the /edit_dpatient.php file. An attacker can exploit...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00443
Exploits: 1 | References: 1
Vulnrichment
added 2025/04/08 2:27 p.m. | 6 views

CVE-2025-22464

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition...

CVSS: 6.1 | AI score: 7 | EPSS: 0.00254
Exploits: 0 | References: 1