6047 matches found

OSV
added 2024/10/18 10:15 p.m. · 4 views

CVE-2024-10129

A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely...

CVSS 6.5 · AI score 5.6 · EPSS 0.0045
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/18 12:0 a.m. · 6 views

PT-2024-16050 · Unknown · Hfo4 Shudong-Share

Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share versions up to 2.4.7 Description: A critical vulnerability has been found in HFO4 shudong-share, affecting an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the...

CVSS 6.5 · AI score 7.1 · EPSS 0.0045
Exploits: 1 · References: 9

CNNVD
added 2024/10/18 12:0 a.m. · 4 views

shudong-share SQL injection vulnerability

shudong-share is a free and open source PHP extranet system developed by the individual developer AaronLiu. A SQL injection vulnerability exists in shudong-share 2.4.7 and earlier versions; it originates from the parameter fkey in the file /includes/createshare.php of the Share Handler component and can lead to SQL...

CVSS 6.5 · AI score 7 · EPSS 0.0045
Exploits: 1 · References: 5

ATTACKERKB
added 2024/10/17 10:15 p.m. · 4 views

CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...

CVSS 9.8 · AI score 6.7 · EPSS 0.02098
Exploits: 2 · References: 3

OSV
added 2024/10/17 10:15 p.m. · 1 views

UBUNTU-CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...

CVSS 9.8 · AI score 6.4 · EPSS 0.02098
Exploits: 2 · References: 3

CNNVD
added 2024/10/17 12:0 a.m. · 3 views

WordPress plugin Forminator Forms cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 6.6 · EPSS 0.00207
Exploits: 0 · References: 4

OSV
added 2024/10/16 1:15 p.m. · 5 views

CVE-2023-32194

A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the...

CVSS 8.6 · AI score 5.7 · EPSS 0.00403
Exploits: 0 · References: 2

RedhatCVE
added 2024/10/16 10:26 a.m. · 22 views

CVE-2024-21233

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...

CVSS 4.3 · AI score 5.5 · EPSS 0.00411
Exploits: 0 · References: 1

OSV
added 2024/10/16 7:15 a.m. · 5 views

CVE-2023-7294

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

CVSS 6.5 · AI score 5.8 · EPSS 0.00327
Exploits: 0 · References: 2

ATTACKERKB
added 2024/10/16 7:15 a.m. · 3 views

CVE-2023-7294

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

CVSS 7.1 · AI score 5.4 · EPSS 0.00327
Exploits: 0 · References: 3

RedHat Linux
added 2024/10/16 12:28 a.m. · 1 views

kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system...

CVSS 5.5 · AI score 6.6 · EPSS 0.00189
Exploits: 0 · References: 5

Positive Technologies
added 2024/10/16 12:0 a.m. · 8 views

PT-2024-39587 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...

CVSS 4.3 · AI score 7 · EPSS 0.00207
Exploits: 0 · References: 7

OSV
added 2024/10/15 8:15 p.m. · 5 views

CVE-2024-21251

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net t...

CVSS 3.1 · AI score 5.8 · EPSS 0.00375
Exploits: 0 · References: 1

OSV
added 2024/10/15 8:15 p.m. · 3 views

CVE-2024-21233

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00411
Exploits: 0 · References: 1

VulnCheck KEV
added 2024/10/15 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-7291

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createmollieaccount function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 8.1 · AI score 5.8 · EPSS 0.00354
Exploits: 0 · References: 1

BDU FSTEC
added 2024/10/11 12:0 a.m. · 8 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. This allows attackers to access database contents, create, and read arbitrary files.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to remotely access database contents, create and read arbitrary files by injecting specially...

CVSS 8.5 · AI score 8.3 · EPSS 0.99597
Exploits: 3 · References: 5 · Affected Software: 1

OSV
added 2024/10/10 10:15 p.m. · 8 views

CVE-2024-9815

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...

CVSS 7.2 · AI score 5.5 · EPSS 0.00597
Exploits: 1 · References: 4

Cvelist
added 2024/10/10 9:31 p.m. · 17 views

CVE-2024-9815 Codezips Tourist Management System create-package.php unrestricted upload

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...

CVSS 5.8 · EPSS 0.00597
Exploits: 1 · References: 4

Vulnrichment
added 2024/10/10 9:31 p.m. · 12 views

CVE-2024-9815 Codezips Tourist Management System create-package.php unrestricted upload

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...

CVSS 5.8 · AI score 4.9 · EPSS 0.00597
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/10 12:0 a.m. · 5 views

PT-2024-39860 · Codezips · Codezips Tourist Management System

Name of the Vulnerable Software and Affected Versions: Codezips Tourist Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /admin/create-package.php. The manipulation of the packageimage argument leads to...

CVSS 7.2 · AI score 5.2 · EPSS 0.00597
Exploits: 1 · References: 9