87 matches found
CVE-2022-21279
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
CVE-2009-5074
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors...
Apple MacOSX Security Update (HT122283)
Apple Mac OS X is prone to an out-of-bounds write vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2016-5689
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks...
Linux Distros Unpatched Vulnerability : CVE-2014-9846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. CVE-2014-9846 Note that...
CVE-2024-21083
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...
CVE-2024-21115
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
WordPress SVG Support Plugin < 2.5.8 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:benbodhi:svgsupport"; ifdescription...
Microsoft Edge (Chromium-Based) Spoofing Vulnerability (Jan 2025)
Microsoft Edge Chromium-Based is prone to a spoofing vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02434)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Microsoft .NET Framework RCE Vulnerability (KB5049624)
This host is missing an important security update according to Microsoft KB5049624 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file
Unauthorized Reflected XSS in the Accounting.php file Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS vector v.4.0: 8.3...
Magento DOM-based Cross-Site Scripting (XSS) vulnerability
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation o...
GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Lawyer CMS 1.6 Cross Site Scripting
Exploit Title: Lawyer CMS 1.6 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/lawyer/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...
Huawei HarmonyOS and EMUI Security Bypass Vulnerability (CNVD-2023-61750)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security bypass vulnerability exists in Huawei...
NodCMS 3.4.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Jenkins Plugin Email Extension 跨站请求伪造漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins Plugin Email Extension. An attacker could exploit the vulnerability to allow...
PT-2023-34764 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue is related to the btrfs function run one delayed ref, which always reports an error. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2023-34806 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: The issue is related to the io uring/poll component. It was introduced in version v6.0 and fixed in version v6.1.7. The actual impact and attack plausibility have not yet been proven...