Lucene search
K

6052 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/28 12:0 a.m.6 views

The vulnerability of the Yii2::createObject() method in the Yii PHP framework allows a attacker to execute arbitrary code.

The vulnerability of the Yii2::createObject method in the Yii PHP framework is related to improper protection of the alternative path. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

10CVSS8.1AI score0.87776EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2025/05/27 3:15 a.m.3 views

CVE-2025-4683

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

4.3CVSS5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 11:39 a.m.6 views

CVE-2025-24638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS.This issue affects Create with Code: from n/a through = 1.4...

6.5CVSS7.2AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.6 views

CVE-2024-43781

A vulnerability has been identified in SINUMERIK 828D V4 All versions V4.95 SP3, SINUMERIK 840D sl V4 All versions V4.95 SP3 in connection with using Create MyConfig CMC = V4.8 SP1 HF6, SINUMERIK ONE All versions V6.23 in connection with using Create MyConfig CMC = V6.6, SINUMERIK ONE All version...

6.8CVSS6.1AI score0.00155EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.10 views

CVE-2024-28683

DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via create file...

6.1CVSS6.1AI score0.00472EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:45 a.m.9 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.4CVSS5.2AI score0.00397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.5 views

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" askforaquotemodul = 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods AskforaquotemodulcustomernewquoteModuleFrontController::ru...

9.8CVSS7.5AI score0.00408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.4 views

CVE-2024-5601

The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:11 a.m.7 views

CVE-2024-5678

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature...

4.7CVSS7.9AI score0.0255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.10 views

CVE-2024-47356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.7 views

CVE-2024-21629

Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...

7.5CVSS6.8AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:43 a.m.11 views

CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges...

6.6CVSS6.7AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.5 views

CVE-2024-46362

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/createdirectory...

8.8CVSS7.6AI score0.00304EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.4 views

CVE-2024-32647

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

5.3CVSS7AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.4 views

CVE-2024-32254

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image...

8.8CVSS6.8AI score0.00758EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:33 a.m.9 views

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

5.4CVSS5.2AI score0.0037EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.6 views

CVE-2024-9917

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/templatecreat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The explo...

6.5CVSS6.6AI score0.08703EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:55 a.m.10 views

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

5.4CVSS5.4AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.11 views

CVE-2024-42816

A cross-site scripting XSS vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

6.1CVSS5.7AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.13 views

CVE-2024-37495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through = 1.9.7...

6.5CVSS5.9AI score0.00279EPSS
Exploits0References1
Rows per page
Query Builder