Lucene search
K

288 matches found

Cvelist
Cvelist
added 2024/11/04 1:48 a.m.16 views

CVE-2024-20104

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772...

0.00089EPSS
Exploits0References1
NVD
NVD
added 2024/10/17 8:15 p.m.18 views

CVE-2024-49255

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniele Alessandra Da Reactions da-reactions allows Stored XSS.This issue affects Da Reactions: from n/a through = 5.1.5...

6.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 7:34 p.m.57 views

CVE-2024-49255

CVE-2024-49255 affects the WordPress plugin Da Reactions (

6.5CVSS5.9AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.4 views

PT-2024-33393 · Unknown · Daniele Alessandra Da Reactions

Name of the Vulnerable Software and Affected Versions: Daniele Alessandra Da Reactions versions through 5.1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...

6.5CVSS6.3AI score0.00229EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.3 views

WordPress plugin Da Reactions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.00229EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/14 12:26 p.m.4 views

WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Da Reactions versions = 5.1.5...

6.5CVSS6.1AI score0.00229EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.10 views

WordPress Da Reactions Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Da Reactions Type Plugin Vulnerable versions = 5.1.5 Fixed in 5.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49255 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e927ad34c153 Credits Khalid Yusuf Required privilege Contribut...

6.5CVSS6.5AI score0.00229EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/25 12:0 a.m.10 views

CVE-2024-44825

Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file...

6.8AI score0.00914EPSS
Exploits2References3
CVE
CVE
added 2024/09/25 12:0 a.m.65 views

CVE-2024-44825

CVE-2024-44825 concerns InVesalius3 (v3.1.99995). Affected component is the .inv3 file handling, enabling a directory traversal that lets an attacker write arbitrary files to the system. The vulnerability is evidenced across multiple feeds (NVD, Red Hat, CIRCL, CVE List) with the core description...

7.5CVSS6.5AI score0.00914EPSS
Exploits2References3
OSV
OSV
added 2024/09/17 10:10 a.m.5 views

MAL-2024-8886 Malicious code in 0g-da-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2638730cdc6149851ffde4258625886da39146fb96e355280a2460ec01653ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/17 10:10 a.m.4 views

Malicious code in 0g-da-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2638730cdc6149851ffde4258625886da39146fb96e355280a2460ec01653ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/07/31 12:54 a.m.7 views

kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered...

4.7CVSS6.3AI score0.00222EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/06 2:51 a.m.27 views

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514...

7AI score0.00083EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/06 2:51 a.m.20 views

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514...

7.1AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.6 views

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips, which stems from an incorrect state check in the da module, which may result in an escalation of privileges...

5.9CVSS7AI score0.00106EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.5 views

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips, which stems from an incorrect state check in the da module, which may result in an escalation of privileges...

6.7CVSS7AI score0.00091EPSS
Exploits0References2
OSV
OSV
added 2024/04/01 3:15 a.m.3 views

CVE-2024-20043

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781...

6.6CVSS5.9AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.5 views

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a missing boundary check issue in the da module, which could result in an out-of-bounds write...

6.6CVSS6.7AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.5 views

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a missing boundary check issue in the da module, which could result in an out-of-bounds write...

6.6CVSS6.7AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.6 views

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a missing boundary check issue in the da module, which could result in an out-of-bounds read...

4.4CVSS6.7AI score0.0022EPSS
Exploits0References2
Rows per page
Query Builder