Lucene search
K

337 matches found

Snyk
Snyk
added 2025/05/21 6:33 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview sjbr/sr-feuser-register is an A self-registration variant of Kasper Skårhøj's Front End User Admin extension for TYPO3 CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the handling of user input. An attacker can read arbitrary...

8.7CVSS7AI score0.00301EPSS
Exploits0References2
Veracode
Veracode
added 2025/05/21 6:25 a.m.7 views

Regular Expression Denial Of Service (ReDoS)

Meteor is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression handling caused by applying a complex regex to user-controlled input forwardedFor, allows an attacker to remotely trigger excessive processing...

6.3CVSS6.6AI score0.00591EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2025/04/15 6:30 a.m.4 views

GHSA-RRJ2-PH5Q-JXW2 jquery-validation vulnerable to Cross-site Scripting

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

6.1CVSS6AI score0.00315EPSS
Exploits0References5
NVD
NVD
added 2025/04/15 5:15 a.m.20 views

CVE-2025-3573

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

6.1CVSS0.00315EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/15 5:0 a.m.21 views

CVE-2025-3573

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

6.1CVSS0.00315EPSS
Exploits0References3
CVE
CVE
added 2025/04/15 5:0 a.m.115 views

CVE-2025-3573

CVE-2025-3573 concerns the jquery-validation library. Versions before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, where user-controlled input can be written into the localizable validator.messages dictionary. The vulnerability is described as input-driven and ...

6.1CVSS6.1AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.6 views

PT-2025-16396

Name of the Vulnerable Software and Affected Versions Web-Check versions affected versions not specified Description A command injection issue exists in the screenshot API of the Web Check project, stemming from user-controlled input url being passed unsanitized into a shell command using exec,...

9.3CVSS5.9AI score0.19761EPSS
Exploits4References11
AlpineLinux
AlpineLinux
added 2025/04/07 12:0 a.m.33 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...

7.5CVSS7.7AI score0.00487EPSS
Exploits0
Veracode
Veracode
added 2025/03/26 11:21 a.m.13 views

Arbitrary File Overwrite

H2O-3 is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper input validation due to the exportModelDetails function in ModelsHandler.java allowing user-controlled input in the mexport.dir parameter, enabling overwriting files at arbitrary locations on the host system...

8.2CVSS7.2AI score0.00514EPSS
Exploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/03/22 1:3 p.m.6 views

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS6.8AI score0.00574EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:31 p.m.8 views

CVE-2024-7957

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

9.1CVSS7AI score0.00879EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 10:10 a.m.44 views

CVE-2024-7957

The CVE-2024-7957 entry describes an arbitrary file overwrite vulnerability in the ZulipConnector of danswer-ai/danswer. The root cause is in load_credentials where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write contents, enabling overwriting or...

9.1CVSS9.2AI score0.00879EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:9 a.m.2 views

CVE-2024-10812 Open Redirect in binary-husky/gpt_academic

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS6.4AI score0.00574EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10812 Open Redirect in binary-husky/gpt_academic

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS0.00574EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-53151

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: Commit 78147ca8b4a9 svcrdma: Ad...

5.5CVSS6.3AI score0.00267EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/02/11 5:15 p.m.0 views

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

6.7CVSS6.1AI score0.00234EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2025/02/11 10:29 a.m.68 views

CVE-2025-23363

Summary (CVE-2025-23363): Siemens Teamcenter V14.x products disclose an open-redirect issue in the SSO login service. The SSO accepts user-controlled input that can specify an external URL, enabling an attacker to lure a legitimate user into clicking a crafted link that redirects to a malicious s...

7.4CVSS7.3AI score0.00518EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/06 7:58 p.m.26 views

WhoDB has a path traversal opening Sqlite3 database

Summary While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details WhoDB allows use...

10CVSS6.8AI score0.02652EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 7:42 p.m.11 views

CVE-2022-48598

A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8CVSS7.7AI score0.00608EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/12/12 12:0 a.m.9 views

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2932)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.62474EPSS
Exploits5References2
Rows per page
Query Builder