Lucene search
K

208 matches found

cvelist
cvelist
added 2023/06/09 5:33 a.m.35 views

CVE-2023-1016 Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...

6.6CVSS7.3AI score0.00971EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2023/05/11 4:15 p.m.52 views

CVE-2023-24540

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

9.8CVSS6.8AI score0.01548EPSS
Exploits0References6
debiancve
debiancve
added 2023/05/11 3:29 p.m.62 views

CVE-2023-24540

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

9.8CVSS6.7AI score0.01548EPSS
Exploits0
f5
f5
added 2023/02/21 6:47 p.m.88 views

K90803619: Linux kernel vulnerability CVE-2016-6136

Security Advisory Description Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerabilit...

4.7CVSS5.7AI score0.00267EPSS
Exploits0Affected Software23
susecve
susecve
added 2023/02/15 5:48 a.m.8 views

SUSE CVE-2012-0471

Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set...

4.3CVSS7.8AI score0.02033EPSS
Exploits1References6
susecve
susecve
added 2023/02/15 4:59 a.m.4 views

SUSE CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

5.3CVSS7.2AI score0.00267EPSS
Exploits0References3
code423n4
code423n4
added 2023/02/02 12:0 a.m.24 views

SubprotocolRegistry is vulnerable to malicious names

Lines of code Vulnerability details Impact A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept Any subprotocol can be...

6.8AI score
Exploits0
debian
debian
added 2022/10/17 3:54 p.m.83 views

[SECURITY] [DLA 3152-1] glibc security update

Debian LTS Advisory DLA-3152-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne October 17, 2022 https://wiki.debian.org/LTS Package : glibc Version : 2.28-10+deb10u2 CVE ID : CVE-2016-10228 CVE-2019-19126 CVE-2019-25013 CVE-2020-1752 CVE-2020-6096 CVE-2020-10029...

9.8CVSS7.5AI score0.05223EPSS
Exploits6
cnnvd
cnnvd
added 2022/09/20 12:0 a.m.5 views

OWASP ModSecurity Core Rule Set 安全漏洞

The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set CRS that originates in the Character Set Acceptance header field, which results i...

7.5CVSS7.4AI score0.00771EPSS
Exploits0References7
fedora
fedora
added 2022/07/30 1:55 a.m.16 views

[SECURITY] Fedora 36 Update: golang-github-axgle-mahonia-0-0.14.20181112git3358181.fc36

Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...

5AI score
Exploits0
fedora
fedora
added 2022/07/17 1:15 a.m.24 views

[SECURITY] Fedora 35 Update: golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc35

Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...

9.3CVSS5AI score0.05994EPSS
Exploits4
fedora
fedora
added 2022/07/04 1:35 a.m.18 views

[SECURITY] Fedora 36 Update: golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc36

Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...

9.3CVSS8.1AI score0.05994EPSS
Exploits4
wpexploit
wpexploit
added 2022/01/31 12:0 a.m.691 views

Better Notifications for WP < 1.8.7 - Email Address Disclosure

The plugin does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one etc.. import sys import string import urllib.parse import...

4.3CVSS0.6AI score0.00423EPSS
Exploits2
openvas
openvas
added 2021/07/07 12:0 a.m.15 views

Huawei EulerOS: Security Advisory for python-rtslib (EulerOS-SA-2021-2164)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS7.8AI score0.0239EPSS
Exploits0References2
osv
osv
added 2020/03/17 3:15 p.m.3 views

CVE-2020-10113

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

6.1CVSS6.4AI score0.00641EPSS
Exploits0References1
nvd
nvd
added 2020/03/17 3:15 p.m.20 views

CVE-2020-10113

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

6.1CVSS6AI score0.00641EPSS
Exploits0References1
prion
prion
added 2020/03/17 3:15 p.m.16 views

Design/Logic Flaw

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

4.3CVSS5.9AI score0.00641EPSS
Exploits0References1Affected Software1
osv
osv
added 2019/01/08 11:29 p.m.3 views

UBUNTU-CVE-2019-5718

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a gett61string length check...

5.5CVSS6.8AI score0.01402EPSS
Exploits1References5
osv
osv
added 2018/05/21 9:29 p.m.16 views

CVE-2018-11330

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...

4.8CVSS5AI score0.00653EPSS
Exploits0References2
prion
prion
added 2018/05/21 9:29 p.m.16 views

Cross site scripting

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...

3.5CVSS4.7AI score0.00653EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder