Lucene search
K

243 matches found

CNNVD
CNNVD
added 2023/07/25 12:0 a.m.4 views

REDCap SQL注入漏洞

REDCap is a data collection and management web application. A security vulnerability exists in REDCap version 12.0.26 LTS and version 12.3.2 Standard, which stems from a SQL injection vulnerability at multiple function points...

2.7CVSS5.1AI score0.00513EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.3 views

libcap 输入验证错误漏洞

libcap is a package of network data capture functions from the individual developer Michael Kerrisk. A security vulnerability exists in libcap, which stems from an integer overflow that can occur if the input string is close to 4GiB...

7.8CVSS6.7AI score0.00574EPSS
Exploits1References16
GithubExploit
GithubExploit
added 2023/05/24 10:45 a.m.65 views

Exploit for Cross-site Scripting in Teampass

CVE-2023-2591: Stored HTML Injection in Item Label in Teampass...

7.1CVSS7.2AI score0.00607EPSS
Exploits2
NVD
NVD
added 2023/05/09 3:15 p.m.29 views

CVE-2023-32060

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...

6.5CVSS6.3AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 3:15 p.m.37 views

CVE-2023-31138

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...

7.1CVSS6.8AI score0.00609EPSS
Exploits0References4
Prion
Prion
added 2023/05/09 3:15 p.m.15 views

Design/Logic Flaw

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...

4CVSS6.4AI score0.00609EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/05/09 2:54 p.m.53 views

CVE-2023-32060

CVE-2023-32060 affects DHIS2 Core from the 2.35 branch prior to fixes: versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0. The issue is an improper access control for Category Option Combination Sharing that can cause the API endpoints /trackedEntityInstances and /events to return all events regardless...

6.5CVSS6.3AI score0.00515EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/09 2:54 p.m.28 views

CVE-2023-32060 DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...

6.5CVSS6.3AI score0.00515EPSS
Exploits0References3
CVE
CVE
added 2023/05/09 2:27 p.m.53 views

CVE-2023-31139

DHIS2 Core contains the service layer and Web API. The issue arises in versions prior to 2.37.9.1, 2.38.3.1, and 2.39.1.2, where Personal Access Tokens (PATs) generate unrestricted session cookies, potentially bypassing other access controls (e.g., IP restrictions or HTTP methods). Impact is a by...

7.5CVSS5.8AI score0.00629EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/05/09 2:11 p.m.33 views

CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...

7.1CVSS7AI score0.00609EPSS
Exploits0References4
CVE
CVE
added 2023/05/09 2:11 p.m.39 views

CVE-2023-31138

CVE-2023-31138 affects DHIS2 Core: starting in the 2.36 branch and before 2.37.9.1, 2.38.3.1, or 2.39.1.2, authenticated users with write access to an object may modify related objects via object model traversal in a PATCH payload. Mitigation is to upgrade to a supported version: 2.37.9.1, 2.38.3...

7.1CVSS6.5AI score0.00609EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/09 12:30 p.m.26 views

teampass vulnerable to code injection

In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a for...

7.1CVSS5.6AI score0.00607EPSS
Exploits2References4Affected Software1
Huntr
Huntr
added 2023/05/07 12:40 p.m.22 views

Stored HTML Injection in Item Label

Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. Proof of Concept...

4.9CVSS5.8AI score0.00607EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2023/05/02 12:0 a.m.6 views

The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system allows a intruder to disclose protected information.

The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...

6.8CVSS6.9AI score0.00623EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/18 8:15 p.m.6 views

CVE-2023-21993

Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...

6.5CVSS6.9AI score0.00623EPSS
Exploits0References1
NVD
NVD
added 2023/04/18 8:15 p.m.13 views

CVE-2023-21993

Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...

6.5CVSS6.2AI score0.00623EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 8:15 p.m.23 views

Buffer overflow

Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...

4CVSS6.4AI score0.00623EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/18 7:54 p.m.53 views

CVE-2023-21993

CVE-2023-21993 affects Oracle Clinical Remote Data Capture (Oracle Health Sciences Applications), component Forms, with vulnerable version 5.4.0.2. The issue is a network-accessible, low-privilege flaw that can lead to unauthorized data access (CVSS v3.1 base score 6.5, Confidentiality impact). P...

6.5CVSS6.2AI score0.00623EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.5 views

Oracle Health Sciences Applications 安全漏洞

Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability exists in Oracle Clinical Remote Data Capture version 5.4.0.2 for Oracle Health Sciences Applications. An attacker could exploit the...

6.5CVSS7.3AI score0.00623EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.7 views

Acuant AcuFill SDK 代码问题漏洞

Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in Acuant AcuFill SDK. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the...

7.3CVSS7.3AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder