
46 matches found

Cvelist
added 2026/05/09 10:15 p.m. | 28 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | EPSS 0.00053
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-23692

Malware in sbrugna...

CVSS 9.1 | AI score 9.2 | EPSS 0.00236
Exploits: 0 | References: 2
OSV
added 2025/10/06 5:16 p.m. | 1 views

CVE-2025-11341

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

CVSS 9.8 | AI score 5.5 | EPSS 0.0005
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-39715

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00761
Exploits: 3 | References: 3
RedhatCVE
added 2025/05/22 11:9 p.m. | 6 views

CVE-2022-37062

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...

CVSS 7.5 | AI score 7.4 | EPSS 0.00761
Exploits: 3 | References: 1
RedhatCVE
added 2025/02/05 4:11 a.m. | 7 views

CVE-2024-54288

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LDD Web Design LDD Directory Lite ldd-directory-lite allows Reflected XSS. This issue affects LDD Directory Lite: from n/a through = 3.3...

CVSS 7.1 | AI score 7.2 | EPSS 0.00197
Exploits: 0 | References: 1
Positive Technologies
added 2024/11/05 12:0 a.m. | 4 views

PT-2024-38744 · Autodesk · Vred Design

Name of the Vulnerable Software and Affected Versions: VRED Design affected versions not specified Description: A maliciously crafted binary file, when downloaded, could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design...

CVSS 7.8 | AI score 6.6 | EPSS 0.00302
Exploits: 0 | References: 6
NVD
added 2024/02/18 3:15 a.m. | 11 views

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

CVSS 6.3 | AI score 6.4 | EPSS 0.00038
Exploits: 0 | References: 2
Prion
added 2024/02/18 3:15 a.m. | 15 views

Privilege escalation

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

AI score 7.2 | EPSS 0.00038
Exploits: 0 | References: 2
Prion
added 2023/12/01 2:15 p.m. | 16 views

Design/Logic Flaw

Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...

CVSS 2.1 | AI score 6.9 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/11/08 10:15 a.m. | 23 views

Design/Logic Flaw

Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data...

CVSS 5 | AI score 7 | EPSS 0.0016
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/09/25 1:15 p.m. | 21 views

Design/Logic Flaw

Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart...

CVSS 5 | AI score 7.4 | EPSS 0.00134
Exploits: 0 | References: 2 | Affected Software: 2
Vulnrichment
added 2023/09/25 11:39 a.m. | 13 views

CVE-2023-41297

Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking...

AI score 6.9 | EPSS 0.00193
Exploits: 0 | References: 2
OSV
added 2023/08/10 2:15 p.m. | 1 views

CVE-2023-29320

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of th...

CVSS 7.8 | AI score 6.2
Exploits: 0 | References: 1
Openbugbounty
added 2022/09/28 2:44 a.m. | 18 views

capture-design.com Cross Site Scripting vulnerability OBB-2959942

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Prion
added 2022/08/18 6:15 p.m. | 24 views

Design/Logic Flaw

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...

CVSS 5 | AI score 8 | EPSS 0.00761
Exploits: 3 | References: 3 | Affected Software: 1
WPVulnDB
added 2022/03/28 12:0 a.m. | 9 views

Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF

The plugin is lacking CSRF checks in various AJAX actions, such as ecadminajaxsavedesignsettings, which could allow attackers to make a logged in admin update arbitrary settings PoC To disable the Live Design Editor To set the custom CSS setting to body background-color: red;...

AI score 4.7
Exploits: 0 | Affected Software: 1
CVE
added 2022/01/03 9:7 p.m. | 45 views

CVE-2021-37116

CVE-2021-37116 affects Huawei HarmonyOS PCManager. The vulnerability is described as a weakness introduced during design that could allow changing a subscriber PIN. The NVD entry lists CVSS v3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H with a base score of 9.1 (CRITICAL) and notes impact to confidenti...

CVSS 9.1 | AI score 9.1 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/01/03 9:7 p.m. | 16 views

CVE-2021-37116

PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed...

AI score 9.4 | EPSS 0.00236
Exploits: 0 | References: 1
Prion
added 2021/06/30 3:15 p.m. | 17 views

Design/Logic Flaw

There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability...

CVSS 6.4 | AI score 9 | EPSS 0.00182
Exploits: 0 | References: 1 | Affected Software: 2