Lucene search

6043 matches found

CNNVD
added 2024/10/06 12:00 a.m. · 3 views

WordPress plugin Create cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.1 · AI score 6 · EPSS 0.0021
Exploits 0 · References 2
Positive Technologies
added 2024/10/06 12:00 a.m. · 4 views

PT-2024-32572

Name of the Vulnerable Software and Affected Versions: Catch Themes Create versions prior to 2.9.2. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject...

CVSS 5.9 · AI score 5.8 · EPSS 0.0021
Exploits 0 · References 7
Positive Technologies
added 2024/10/02 12:00 a.m. · 3 views

PT-2024-7160 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.478 and earlier, LTS 2.462.2 and earlier Description: The issue is related to insufficient access control in Jenkins, allowing attackers to bypass item creation restrictions. If an attempt is made to create an item of a...

CVSS 5.3 · AI score 9.4 · EPSS 0.0084
Exploits 0 · References 14
Patchstack
added 2024/09/30 9:08 a.m. · 5 views

WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Michael (Patchstack Alliance) in WordPress Theme Create versions <= 2.9.1...

CVSS 5.9 · AI score 6.1 · EPSS 0.0021
Exploits 0 · Affected Software 1
CVE
added 2024/09/30 7:45 a.m. · 54 views

CVE-2024-8458

The CVE-2024-8458 entry concerns PLANET Technology switch models whose web interface is vulnerable to Cross-Site Request Forgery (CSRF). Affected component: the web application on certain PLANET switch devices. Root cause: CSRF in the web front end allows an unauthenticated remote attacker to tri...

CVSS 8.8 · AI score 8.8 · EPSS 0.00267
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/09/30 12:00 a.m. · 5 views

The vulnerabilities of the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allow a malicious individual to execute arbitrary commands.

The vulnerabilities of the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343...

CVSS 9 · AI score 7.3 · EPSS 0.18941
Exploits 1 · References 7
OSV
added 2024/09/27 1:15 p.m. · 2 views

DEBIAN-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVSS 5.5 · AI score 5.4 · EPSS 0.002
Exploits 0 · References 1
OSV
added 2024/09/27 1:15 p.m. · 2 views

UBUNTU-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVSS 5.5 · AI score 5.7 · EPSS 0.002
Exploits 0 · References 5
Packet Storm
added 2024/09/26 12:00 a.m. · 262 views

Rupee Invoice System 1.0 Arbitrary File Upload

Title: Rupee Invoice System v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox...

AI score 7.4
Exploits 0
RedHat Linux
added 2024/09/24 2:39 a.m. · 5 views

kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup(). fc_lport_ptp_setup() did not check the return value of fc_rport_create(), which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...

CVSS 5.5 · AI score 6.8 · EPSS 0.00251
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 12:37 a.m. · 2 views

kernel: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

A vulnerability was found in the Linux kernel's NFSD, specifically in the handling of large file sizes during NFSv3 SETATTR and CREATE operations. The ia_size field, being a signed 64-bit type, can lead to unexpected behavior when clients send size values larger than the maximum allowed. This...

CVSS 5.5 · AI score 7.2 · EPSS 0.00254
Exploits 0 · References 5
Snyk
added 2024/09/23 7:40 p.m. · 1 view

SQL Injection

Overview: centreon/centreon is a network, system, applicative supervision and monitoring tool. Affected versions of this package are vulnerable to SQL Injection via the create user form inputs. Remediation: Upgrade centreon/centreon to version 22.10.24, 23.4.21, 23.10.16, 24.4.6 or higher. Referenc...

CVSS 8.6 · AI score 8 · EPSS 0.02154
Exploits 0 · References 2
Packet Storm
added 2024/09/20 12:00 a.m. · 309 views

Vaidya-Mitra 1.0 Cross Site Request Forgery

Title: Vaidya-Mitra v1.0 CSRF Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 125.0.1 64 bits | ...

AI score 7.4
Exploits 0
SUSE CVE
added 2024/09/19 3:11 a.m. · 2 views

SUSE CVE-2024-46721

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(). In that case, it must return an...

CVSS 5.5 · AI score 6.3 · EPSS 0.00233
Exploits 0 · References 19
OSV
added 2024/09/18 7:15 a.m. · 12 views

AZL-49389 CVE-2024-46721 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(). In that case, it must return an...

CVSS 5.5 · AI score 6.4 · EPSS 0.00233
Exploits 0 · References 1
OSV
added 2024/09/18 7:15 a.m. · 2 views

UBUNTU-CVE-2024-46721

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(). In that case, it must return an...

CVSS 5.5 · AI score 6.2 · EPSS 0.00233
Exploits 0 · References 27
Github Security Blog
added 2024/09/17 6:44 p.m. · 74 views

Vite's `server.fs.deny` is bypassed when using `?import&raw`

Summary: The contents of arbitrary files can be returned to the browser. Details: @fs denies access to files outside of Vite's serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it exists. PoC (sh): `$ npm create vite@latest`, `$ cd vite-project/`, `$ npm...`

CVSS 4.8 · AI score 7 · EPSS 0.0103
Exploits 0 · References 8 · Affected Software 1
OSV
added 2024/09/17 2:15 p.m. · 6 views

CVE-2024-47047

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVSS 7.5 · AI score 5.8 · EPSS 0.00485
Exploits 0 · References 1
Snyk
added 2024/09/17 1:55 p.m. · 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass due to the improper validation of the mail parameter in the createAction process. An unauthenticated attacker can display user-submitted data of all forms persisted by the extension. Note: This vulnerability can onl...

CVSS 7.5 · AI score 6.9 · EPSS 0.00485
Exploits 0 · References 2
OSV
added 2024/09/17 1:15 p.m. · 4 views

CVE-2024-46362

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createdirectory...

CVSS 8.8 · AI score 5.8 · EPSS 0.00304
Exploits 1 · References 1