Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.7 views

CVE-2022-28599

A stored cross-site scripting XSS vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack...

5.4CVSS4.8AI score0.00547EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:25 p.m.6 views

CVE-2021-38705

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery CSRF. A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary...

8.8CVSS6.9AI score0.00769EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.7 views

CVE-2021-21934

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imeifilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...

7.7CVSS7.3AI score0.01144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.10 views

CVE-2020-5296

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...

6.2CVSS6.5AI score0.01429EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:0 a.m.5 views

CVE-2019-8132

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard...

5.4CVSS5.3AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.6 views

CVE-2019-6641

On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack...

6.5CVSS6.7AI score0.02045EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/18 2:50 p.m.31 views

CVE-2025-2950 IBM i improper HTTP header neutralization

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...

5.4CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 8:42 a.m.20 views

CVE-2025-3578 Adversarial Input Handling Vulnerability in AiDex

A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possible to cause bugs that would result in the...

9.3CVSS0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/16 3:22 p.m.7 views

CVE-2024-56477

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

6.5CVSS6.5AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:39 p.m.12 views

CVE-2022-39290

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

8CVSS6.6AI score0.05444EPSS
Exploits4References1
NVD
NVD
added 2025/01/21 6:15 p.m.13 views

CVE-2024-54792

A Cross-Site Request Forgery CSRF vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users...

6.1CVSS0.00281EPSS
Exploits4References2
OSV
OSV
added 2021/08/09 10:15 a.m.3 views

CVE-2021-37215

The employee management page of Flygo contains an Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter...

4.3CVSS5.8AI score0.00677EPSS
Exploits0References1
OSV
OSV
added 2021/06/14 2:15 p.m.6 views

CVE-2021-24356

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activateplugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites...

8.8CVSS7.4AI score0.02997EPSS
Exploits3References2
CNVD
CNVD
added 2019/10/17 12:0 a.m.2 views

Bolt CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-36972)

Bolt CMS is a PHP-based open source content management system for the Bolt community. Bolt CMS cross-site request forgery vulnerability, an attacker can exploit the vulnerability in the user has logged into the target site , to induce the user to visit an attack page , to take advantage of the...

6.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/02/23 12:0 a.m.17 views

GLSA-200502-29 : Cyrus IMAP Server: Multiple overflow vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200502-29 Cyrus IMAP Server: Multiple overflow vulnerabilities Possible single byte overflows have been found in the imapd annotate extension and mailbox handling code. Furthermore stack-based buffer overflows have been found in...

7.5CVSS6.4AI score0.04244EPSS
Exploits0References3
Exploit DB
Exploit DB
added 1999/12/02 12:0 a.m.29 views

Cat Soft Serv-U FTP Server 2.5a - SITE PASS Denial of Service

source: https://www.securityfocus.com/bid/859/info If the Serv-U FTP server receives an overly long argument to the SITE PASS command, it will crash. To issue this command, an attacker must be already logged in as an authenticated user, including an 'anonymous' user...

7AI score
Exploits0
Rows per page
Query Builder