
6038 matches found

CNNVD
added 2024/05/14 12:00 a.m. · 4 views

Campcodes Complete Web-Based School Management System Cross-Site Scripting Vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from a cross-site scripting vulnerability in...

CVSS 6.1 · AI score 4.5 · EPSS 0.00516
Exploits: 1 · References: 6
OSV
added 2024/05/13 4:08 p.m. · 8 views

CVE-2023-50718 NocoDB SQL Injection vulnerability

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....

CVSS 6.5 · AI score 6.7 · EPSS 0.00696
Exploits: 1 · References: 3
Positive Technologies
added 2024/05/13 12:00 a.m. · 3 views

PT-2024-26118 · Unknown · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: The issue allows users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki...

CVSS 5.9 · AI score 6.2 · EPSS 0.00647
Exploits: 0 · References: 9
Vulnrichment
added 2024/05/09 1:00 p.m. · 20 views

CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

CVSS 3.1 · AI score 3.8 · EPSS 0.00722
Exploits: 0 · References: 1
Debian CVE
added 2024/05/09 1:00 p.m. · 18 views

CVE-2024-4317

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

CVSS 4.3 · AI score 6.8 · EPSS 0.00722
Exploits: 0
Positive Technologies
added 2024/05/09 12:00 a.m. · 5 views

PT-2024-32263 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A problematic issue has been discovered, affecting an unknown function of the file /view/create events.php. The manipulation of the my index argument leads to...

CVSS 6.1 · AI score 4.2 · EPSS 0.00516
Exploits: 1 · References: 6
Positive Technologies
added 2024/05/09 12:00 a.m. · 5 views

PT-2024-28069

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description The issue is related to the net/mlx5 component of the Linux kernel, where a timeout has been added to acquire the command queue semaphore. This change prevents forced completion handling on an...

CVSS 7.8 · AI score 5.3 · EPSS 0.00259
Exploits: 0
OSV
added 2024/05/05 3:15 a.m. · 3 views

DEBIAN-CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 5.7 · EPSS 0.00182
Exploits: 0 · References: 1
OSV
added 2024/05/03 3:15 a.m. · 4 views

CVE-2023-41184

TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerabilit...

CVSS 8 · AI score 6.3 · EPSS 0.00595
Exploits: 0 · References: 1
OSV
added 2024/05/03 3:15 a.m. · 2 views

CVE-2023-40505

LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVSS 9.8 · AI score 6.3 · EPSS 0.0196
Exploits: 0 · References: 1
SUSE CVE
added 2024/05/03 2:09 a.m. · 1 views

SUSE CVE-2024-26954

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16 If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name...

CVSS 7.1 · AI score 7.8 · EPSS 0.0025
Exploits: 0 · References: 3
SUSE CVE
added 2024/05/03 2:09 a.m. · 3 views

SUSE CVE-2024-26986

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress...

CVSS 5.5 · AI score 6.7 · EPSS 0.00229
Exploits: 0 · References: 13
OSV
added 2024/05/02 2:15 p.m. · 5 views

CVE-2024-33305

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User...

CVSS 6.1 · AI score 5.8 · EPSS 0.00435
Exploits: 1 · References: 1
CNNVD
added 2024/05/02 12:00 a.m. · 5 views

WordPress plugin Ivory Search Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.2 · EPSS 0.00445
Exploits: 0 · References: 3
Positive Technologies
added 2024/05/02 12:00 a.m. · 7 views

PT-2024-26846 · WordPress · The Poll Maker – Best Wordpress Poll Plugin

Name of the Vulnerable Software and Affected Versions: The Poll Maker – Best WordPress Poll Plugin versions up to, and including, 5.1.8 Description: The issue is related to unauthorized access of data due to a missing capability check on the ays poll create author function. This allows...

CVSS 5.3 · AI score 6.9 · EPSS 0.00584
Exploits: 0 · References: 5
Vulnrichment
added 2024/05/02 12:00 a.m. · 9 views

CVE-2024-33305

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User...

AI score 6 · EPSS 0.00435
Exploits: 1 · References: 1
Cvelist
added 2024/05/02 12:00 a.m. · 19 views

CVE-2024-33305

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User...

AI score 5.9 · EPSS 0.00435
Exploits: 1 · References: 1
Positive Technologies
added 2024/05/02 12:00 a.m. · 4 views

PT-2024-25195 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Laboratory Management System version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the Middle Name parameter in the Create User function. This allows for potential malicious script injection...

CVSS 6.1 · AI score 6 · EPSS 0.00435
Exploits: 1 · References: 6
CVE
added 2024/05/02 12:00 a.m. · 56 views

CVE-2024-33305

SourceCodester Laboratory Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability via the Middle Name parameter in Create User. The issue is documented across multiple sources, with CVE-2024-33305 noting an XSS path and a CVSS v3.1 base score of 6.1 (Network attack vector,...

CVSS 6.1 · AI score 6 · EPSS 0.00435
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2024/05/01 8:15 p.m. · 2 views

CVE-2024-33306

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User...

CVSS 7.4 · AI score 5.8 · EPSS 0.00657
Exploits: 1 · References: 1