Lucene search
K

94 matches found

Nuclei
Nuclei
added 14 hours ago11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/07 3:17 p.m.7 views

CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.3AI score0.00564EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3603

A reflected cross-site scripting xss vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.0026EPSS
Exploits1References2
NVD
NVD
added 2025/12/10 7:16 p.m.6 views

CVE-2025-64538

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the...

9.3CVSS0.00533EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 7:16 p.m.8 views

CVE-2025-64538

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the...

9.3CVSS6AI score
Exploits0References1
Veracode
Veracode
added 2025/08/19 8:17 a.m.7 views

NULL Pointer Dereference

MaterialX is vulnerable to NULL pointer dereference. The vulnerability is due to improper handling of shader node parsing in MTLX files, which allows an attacker to craft malicious files that can crash a target program...

7.5CVSS6.9AI score0.00463EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.7 views

The vulnerability of Adobe Dimension’s 3D design software relates to the execution of operations beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Adobe Dimension’s 3D design software relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted malicious file...

7.8CVSS6.4AI score0.0017EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.7 views

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, Adobe Acrobat 2024, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 involve reading beyond the buffer in memory. This allows attackers to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, Adobe Acrobat 2024, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow...

5.5CVSS5.6AI score0.00339EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.5 views

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 lies in the use of an uninitialized pointer, which allows a malicious actor to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the use of an uninitialized pointer during the processing of the itemVariationDataCount field. Exploitin...

7.8CVSS7.6AI score0.00437EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.5 views

The vulnerability of the Substance 3D Stager software lies in the possibility of an operation going beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the Substance 3D Stager software-related 3D design software is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a hacker to execute arbitrary code in the context of the current user, using a specially created...

7.8CVSS6.4AI score0.00212EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.7 views

The vulnerability of the Adobe Media Encoder application, related to the execution of operations beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

7.8CVSS6.4AI score0.00612EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/14 12:0 a.m.8 views

The vulnerability of the SmartScreen security component, which prevents unauthorized access and malicious programs from being executed on Windows operating systems, allows attackers to circumvent security restrictions.

The vulnerability of the SmartScreen security component against phishing and malicious programs in Windows operating systems is related to errors in security settings. Exploiting this vulnerability allows a remote attacker to circumvent security restrictions by allowing the user to open a special...

9CVSS7.8AI score0.30344EPSS
Exploits0References4
NVD
NVD
added 2024/01/26 8:15 a.m.12 views

CVE-2023-48129

An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.13 views

CVE-2023-48135

An issue in mimasakafarm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.18 views

CVE-2023-48131

An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.26 views

CVE-2023-48128

An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.12 views

CVE-2023-48130

An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.26 views

CVE-2023-48126

An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
Prion
Prion
added 2024/01/26 7:15 a.m.17 views

Design/Logic Flaw

An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.5CVSS7.1AI score0.00359EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2024/01/26 7:15 a.m.14 views

Information disclosure

An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.5CVSS7.1AI score0.00359EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder