Lucene search
K

156 matches found

Prion
Prion
added 2024/01/19 3:15 p.m.14 views

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9...

6.5CVSS7.2AI score0.00538EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2023/12/18 12:0 a.m.6 views

RPCMS Cross-Site Scripting Vulnerability (CNVD-2024-01190)

RPCMS is a software application, a web CMS system. A cross-site scripting vulnerability exists in RPCMS v3.5.5, which stems from the lack of effective filtering and escaping of user-supplied data in the component /logs/dopost.html, and can be exploited by an attacker to execute arbitrary Web scri...

5.4CVSS6.3AI score0.00409EPSS
Exploits1References1
CNVD
CNVD
added 2023/12/11 12:0 a.m.5 views

BoidCMS Cross-Site Scripting Vulnerability

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...

5.4CVSS6.3AI score0.00464EPSS
Exploits2References1
CNVD
CNVD
added 2023/11/21 12:0 a.m.5 views

SuiteCRM HTML Injection Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from an HTML injection vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the salesagility/suitecrm tittle, which can be exploited by an attacker to cause HTML...

9.8CVSS7AI score0.00686EPSS
Exploits1References1
CNVD
CNVD
added 2023/11/01 12:0 a.m.8 views

Google Android Information Disclosure Vulnerability (CNVD-2024-05383)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

5.5CVSS6.1AI score0.00097EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2023/09/28 11:18 a.m.353 views

Exploit for Deserialization of Untrusted Data in Vmware Spring_For_Apache_Kafka

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execut...

7.8CVSS8AI score0.02162EPSS
Exploits2
CNVD
CNVD
added 2023/07/14 12:0 a.m.12 views

Adobe ColdFusion Deserialization Vulnerability (CNVD-2024-25608)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...

9.8CVSS6.8AI score0.99984EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.10 views

CVE-2023-29296 [Cloud] Customer suspects IDOR vulnerability

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...

4.3CVSS6.8AI score0.00585EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/15 12:0 a.m.7 views

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-1...

5.4AI score0.00096EPSS
Exploits0References1
CNVD
CNVD
added 2023/05/05 12:0 a.m.10 views

Pimcore Properties Parameter Cross-Site Scripting Vulnerability

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...

5.4CVSS6.1AI score0.00563EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.270 views

D-Link DIR-846 Remote Command Execution

Exploit Title: D-Link DIR-846 - Remote Command Execution RCE vulnerability Google Dork: NA Date: 30/01/2023 Exploit Author: Françoa Taffarel Vendor Homepage:...

8.8CVSS8.8AI score0.10503EPSS
Exploits4
CNVD
CNVD
added 2022/10/31 12:0 a.m.10 views

WordPress Plugin ExpressTech Quiz And Survey Master Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin ExpressTech Quiz And Survey Master has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

5.4CVSS5.8AI score0.0044EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/21 12:0 a.m.8 views

Tenda AC21 setSmartPowerManagement Function Buffer Overflow Vulnerability

The Tenda AC21 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC21 version V16.03.08.15, which originates from a lack of length checking of input data in the setSmartPowerManagement function of /bin/httpd, which can be exploited to cause httpd...

7.5CVSS7.2AI score0.00857EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/11 12:0 a.m.11 views

Microsoft Excel Code Execution Vulnerability (CNVD-2023-53908)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...

7.8CVSS7.5AI score0.00774EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/06/24 3:0 p.m.7 views

CVE-2022-1517 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...

10CVSS7.3AI score0.01633EPSS
Exploits0References1
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.187 views

My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit; sc...

4.3CVSS0.8AI score0.00412EPSS
Exploits2
CNVD
CNVD
added 2022/05/18 12:0 a.m.26 views

Cybozu Garoon Authorization Issue Vulnerability (CNVD-2022-53804)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. Cybozu Garoon suffers from an authorization issue vulnerability that originates from improper privilege managemen...

5.5CVSS5.9AI score0.00669EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2022/04/28 3:1 p.m.15 views

Hackers fool major tech companies into handing over data of women and minors to abuse

Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...

Exploits0
CNVD
CNVD
added 2022/04/14 12:0 a.m.14 views

Pimcore SQL Injection Vulnerability (CNVD-2022-85099)

Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore has a SQL injection vulnerability, whic...

7.5CVSS3.4AI score0.01415EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.4 views

SAP Netweaver 安全漏洞

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver Real Time Messaging Framework version 7.50 that allows an...

5.3CVSS5.8AI score0.00755EPSS
Exploits0References4
Rows per page
Query Builder