Lucene search
K

156 matches found

CNVD
CNVD
added 2025/02/19 12:0 a.m.11 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-04167)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

4.8CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:22 p.m.15 views

CVE-2020-2880

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite component: OTA Training Activities. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

8.2CVSS7.2AI score0.01282EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 11:5 a.m.11 views

CVE-2024-21136

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications component: Security. Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

8.6CVSS7AI score0.01783EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:8 a.m.6 views

CVE-2024-32970

Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...

7.1CVSS6.5AI score0.00713EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 9:15 p.m.13 views

CVE-2025-21530

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Panel Processor. Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

4.3CVSS0.00516EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 9:15 a.m.7 views

CVE-2024-12401

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service DoS vector for the cert-manag...

4.4CVSS0.00645EPSS
Exploits0References8
NVD
NVD
added 2024/10/10 10:15 p.m.27 views

CVE-2024-47165

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...

6.9CVSS0.00274EPSS
Exploits0References1
CNVD
CNVD
added 2024/09/20 12:0 a.m.5 views

DrayTek Vigor 3910 Buffer Overflow Vulnerability (CNVD-2024-39949)

The DrayTek Vigor 3910 is a high performance router for enterprise networks from DrayTek. A buffer overflow vulnerability exists in the DrayTek Vigor 3910 v4.3.2.6, which is caused by the sProfileName parameter on the fextobj.cgi page not properly validating the length of input data, and can be...

7.5CVSS7.2AI score0.00523EPSS
Exploits0References1
CNVD
CNVD
added 2024/09/18 12:0 a.m.3 views

SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability (CNVD-2024-49631)

SAP NetWeaver Enterprise Portal is a SAP NetWeaver Web front-end component from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by a...

4.7CVSS6.2AI score0.00235EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/07/29 12:0 a.m.6 views

Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC...

7.8CVSS7.1AI score
Exploits0
CNVD
CNVD
added 2024/07/16 12:0 a.m.11 views

IBM Datacap Navigator Information Disclosure Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. IBM Datacap Navigator suffers from an information disclosure vulnerability that originates from temporarily storing data from different environments, which can be exploited by an attacker to obtain sensiti...

7.5CVSS6AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2024/06/28 11:29 a.m.10 views

EUVD-2024-46898

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...

7.5CVSS6.1AI score0.01515EPSS
Exploits3References5
CNVD
CNVD
added 2024/06/05 12:0 a.m.6 views

WordPress ImageMagick Sharpen Resized Images plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin ImageMagic...

5.9CVSS6.1AI score0.00259EPSS
Exploits0References1
CNVD
CNVD
added 2024/05/30 12:0 a.m.11 views

Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2024-26529)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow version 2.9.0 suffers from a cross-site scripting vulnerability that...

5.4CVSS6.3AI score0.01559EPSS
Exploits0References1
CNVD
CNVD
added 2024/05/30 12:0 a.m.7 views

IBM UrbanCode Deploy Cross-Site Scripting Vulnerability (CNVD-2024-26496)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

5.4CVSS6.2AI score0.00276EPSS
Exploits0References1
CNVD
CNVD
added 2024/05/16 12:0 a.m.7 views

Cybozu Garoon security bypass vulnerability (CNVD-2024-29667)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A security bypass vulnerability exists in Cybozu Garoon, which stems from improper restriction of browsing and...

5.4CVSS6.8AI score0.00288EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.261 views

OpenCart Core 4.0.2.3 - 'search' SQLi

Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Date: 2024-04-2 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description :...

7.4AI score
Exploits0
CNVD
CNVD
added 2024/03/22 12:0 a.m.4 views

OneBlog Cross-Site Scripting Vulnerability

OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...

6.1CVSS6.3AI score0.00375EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.16 views

PT-2024-2621

Name of the Vulnerable Software and Affected Versions net/http and net/http2 in Go affected versions not specified Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires...

7.5CVSS7.3AI score0.91969EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/02/29 5:3 a.m.29 views

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House sai...

6.9AI score
Exploits0
Rows per page
Query Builder