Lucene search
K

176 matches found

RedHat Linux
RedHat Linux
added 2024/04/25 8:11 a.m.27 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.6CVSS6.7AI score0.0049EPSS
Exploits0References2
NVD
NVD
added 2024/03/28 2:15 p.m.15 views

CVE-2024-29897

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...

4.9CVSS4.9AI score0.00708EPSS
Exploits0References4
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.152 views

Super Socializer < 7.13.64 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed When creating a new widget, insert the following payload in the "FaceBook URL" field -...

6AI score0.005EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2024/03/15 12:0 a.m.7 views

The vulnerability of the Kofax PowerPDF software for creating, converting, editing, and publishing PDF files lies in the fact that operations are performed outside of the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Kofax PowerPDF software for creating, converting, editing, and publishing PDF files is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created PDF file...

7.8CVSS8AI score0.00421EPSS
Exploits0References5Affected Software1
Fedora
Fedora
added 2024/03/07 10:33 p.m.21 views

[SECURITY] Fedora 40 Update: maven-plugin-tools-3.9.0-6.fc40

The Maven Plugin Tools contains the necessary tools to be able to produce Mav en Plugins in a variety of languages...

8.8CVSS8.9AI score0.02557EPSS
Exploits3
NVD
NVD
added 2024/02/29 1:43 a.m.26 views

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...

4.3CVSS4.3AI score0.00538EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/28 11:28 a.m.38 views

CVE-2024-24779 Apache Superset: Improper data authorization when creating a new dataset

Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...

5CVSS5.4AI score0.00727EPSS
Exploits0References2
Fedora
Fedora
added 2024/02/15 1:0 a.m.26 views

[SECURITY] Fedora 39 Update: engrampa-1.26.2-1.fc39

Mate File Archiver is an application for creating and viewing archives files, such as zip, xv, bzip2, cab, rar and other compress formats...

9.6CVSS9AI score0.01652EPSS
Exploits1
Oracle linux
Oracle linux
added 2023/11/17 12:0 a.m.23 views

tang security and bug fix update

7-8 - Set correct user/group tang/tang in tangd-keygen Resolves: rhbz2188743 7-7 - Fix race condition when creating/rotating keys Resolves: rhbz2182410 Resolves: CVE-2023-1672...

5.3CVSS5.4AI score0.00568EPSS
Exploits1
Cvelist
Cvelist
added 2023/10/23 12:0 a.m.21 views

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

5.4AI score0.00346EPSS
Exploits1References1
OSV
OSV
added 2023/09/16 6:15 a.m.30 views

CVE-2023-41157

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...

5.4CVSS5.8AI score0.00397EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/28 9:15 p.m.4 views

CVE-2023-38969

Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function...

5.4CVSS6.5AI score0.00589EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/07/31 3:15 p.m.5 views

CVE-2023-38304

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group...

5.4CVSS6.1AI score0.00407EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.9 views

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions prior to 4.3.0 through 4.9.1 that stems from allowing an attacker to gain the ability to cancel a proposal by creating it in advance...

5.3CVSS5.7AI score0.00595EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.38 views

CVE-2023-25348

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...

8.1AI score0.00437EPSS
Exploits1References2
NVD
NVD
added 2023/02/01 8:15 p.m.29 views

CVE-2023-23076

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...

9.8CVSS9.8AI score0.7427EPSS
Exploits0References2
Prion
Prion
added 2023/01/27 10:15 p.m.17 views

Authorization

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstugetmetadata that...

6.4CVSS6.3AI score0.00952EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/01/20 12:0 a.m.40 views

CVE-2022-45539

EyouCMS = 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file...

6.5AI score0.00418EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.7 views

kernel: sfc: fix kernel panic when creating VF

In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efxef10tryupdatenicstatsvf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has t...

5.5CVSS6.3AI score0.0027EPSS
Exploits0References5
Hacker One
Hacker One
added 2022/11/01 11:12 p.m.24 views

Khan Academy: xss due to incorrect handling of postmessages

Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...

7.1AI score
Exploits0
Rows per page
Query Builder