8752 matches found

CNVD
added 2022/12/14 12:0 a.m., 31 views

Siemens Polarion ALM Host Header Injection Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...

6.1 CVSS, 2.5 AI score, 0.00375 EPSS
Exploits 0, References 1
Vulnrichment
added 2022/12/13 6:46 a.m., 5 views

CVE-2022-23473 Tuleap MediaWiki standalone "readers" can also edit pages

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This on...

4.3 CVSS, 4.5 AI score, 0.00454 EPSS
Exploits 0, References 3
CVE
added 2022/12/13 6:40 a.m., 54 views

CVE-2022-46160

Tuleap dashboards CVE-2022-46160 affects versions prior to 14.2.99.104 (Community Edition) and 14.2-4 / 14.1-5 (Enterprise). The root cause is improper verification of project-level authorizations when accessing a project homepage/dashboards, allowing users not authorized to the project to retrie...

4.3 CVSS, 4.4 AI score, 0.00498 EPSS
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2022/12/13 12:0 a.m., 6 views

PT-2022-27777 · Tuleap · Tuleap

Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 14.2.99.104 Tuleap Community Edition version 14.2.99.104 Tuleap Enterprise Edition version 14.2-4 Tuleap Enterprise Edition version 14.1-5 Description: Tuleap is an Open Source Suite to improve management of software...

4.3 CVSS, 4.3 AI score, 0.00498 EPSS
Exploits 0, References 6
Rapid7 Blog
added 2022/12/12 3:0 p.m., 12 views

Rapid7 Recognized as a Top Place to Work for 11th Consecutive Year

On November 30th, 2022, Rapid7 was again recognized by The Boston Globe as a Top Place to Work in Massachusetts. This marks the 11th consecutive year Rapid7 has made the list, this time coming in at 3 in the large company category. Top Places to Work rankings are based on a Globe survey that...

1.1 AI score
Exploits 0
CNVD
added 2022/12/09 12:0 a.m., 19 views

SQL Injection Vulnerability in the Unified Management System of Shanghai Inlitech Digital Technology Co.

Ltd. is a company whose business scope includes engaging in technology development in the fields of digital technology, network technology and integrated circuit technology. A SQL injection vulnerability exists in the Unified Management System of Shanghai Inalways Digital Technology Co., Ltd, whi...

7.5 AI score
Exploits 0
OSV
added 2022/12/08 2:43 a.m., 10 views

GSD-2022-1007890 iio: adc: mp2629: fix potential array out of bound access

iio: adc: mp2629: fix potential array out of bound access This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 by commit...

7.2 AI score
Exploits 0
OSV
added 2022/12/08 2:29 a.m., 9 views

GSD-2022-1007736 kcm: close race conditions on sk_receive_queue

kcm: close race conditions on sk_receive_queue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...

7.2 AI score
Exploits 0
OpenVAS
added 2022/12/07 12:0 a.m., 6 views

SUSE: Security Advisory (SUSE-SU-2022:4335-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 7.1 AI score, 0.06419 EPSS
Exploits 1, References 4
OpenVAS
added 2022/12/07 12:0 a.m., 32 views

SUSE: Security Advisory (SUSE-SU-2022:4332-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 6.9 AI score, 0.00277 EPSS
Exploits 0, References 13
Snyk
added 2022/12/06 4:3 p.m., 1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. PoC js var root = require"create-choo-electron" root.devInstall"./","& touch JHU",function Remediation There is no fixed version for...

9.8 CVSS, 7.4 AI score, 0.01547 EPSS
Exploits 1, References 2
OSV
added 2022/12/06 12:0 a.m., 37 views

ALSA-2022:8833 Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1, nodejs-nodemon 2.0.20. BZ2142818 Security Fixes: nodejs-minimatch: ReDoS vi...

8.1 CVSS, 8.2 AI score, 0.14024 EPSS
Exploits 0, References 6
Openbugbounty
added 2022/12/05 1:36 p.m., 7 views

legacydevelopment.co.za Cross Site Scripting vulnerability OBB-3087326

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
CNVD
added 2022/12/04 12:0 a.m., 208 views

SQL Injection Vulnerability in Beijing Century Super Star Information Technology Development Co.

Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. Beijing Century Super Star Information Technology Development Limited Liability Company Super Star Huiya Electronic Library...

7.5 AI score
Exploits 0
The Hacker News
added 2022/12/01 11:13 a.m., 28 views

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...

8.1 AI score
Exploits 0
OpenVAS
added 2022/11/30 12:0 a.m., 10 views

SUSE: Security Advisory (SUSE-SU-2022:4296-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.8 AI score, 0.01936 EPSS
Exploits 0, References 4
Positive Technologies
added 2022/11/29 12:0 a.m., 7 views

PT-2022-5972 · 3S Smart Software Solutions · Codesys Development System V3

Name of the Vulnerable Software and Affected Versions: CODESYS Development System V3 versions prior to V3.5.18.40 Description: The issue is related to inadequate encryption strength, allowing an unauthenticated local attacker to access and manipulate the code of the encrypted boot application. It...

8.5 CVSS, 7.5 AI score, 0.00083 EPSS
Exploits 0, References 9
Positive Technologies
added 2022/11/25 12:0 a.m., 4 views

PT-2022-13369 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: Microweber version 1.3.1 Description: The issue allows an unauthenticated user to perform an account takeover via a Cross-Site Scripting XSS attack on the select-file parameter. There is a patch available in the development branch, but it has...

6.1 CVSS, 6.2 AI score, 0.00681 EPSS
Exploits 1, References 10
OpenVAS
added 2022/11/24 12:0 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2022:4202-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 9.8 AI score, 0.01936 EPSS
Exploits 0, References 2
Microsoft Secure
added 2022/11/22 5:0 p.m., 83 views

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

10 CVSS, 0.4 AI score, 0.99999 EPSS
Exploits 352