
4421 matches found

CNNVD
added 2023/04/05 12:0 a.m., 5 views

Ichitaro 2022 security vulnerability

JustSystems Ichitaro is a Japanese word processing software from JustSystems. A security vulnerability exists in Ichitaro 2022 version 1.0.1.57600, which stems from an invalid release vulnerability that can be exploited by an attacker to cause memory corruption by releasing the stack pointer via...

CVSS 7.8, AI score 7.4, EPSS 0.00452
Exploits: 1, References: 4
0day.today
added 2023/04/05 12:0 a.m., 282 views

CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability

Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...

CVSS 6.1, AI score 6.9, EPSS 0.02097
Exploits: 4
OSV
added 2023/03/31 9:30 p.m., 16 views

GHSA-6RFV-H5V8-CJ7G jeecg-boot vulnerable to improper authentication

A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...

CVSS 9.8, AI score 7.4, EPSS 0.00997
Exploits: 0, References: 5
GitHub Security Blog
added 2023/03/31 9:30 p.m., 27 views

jeecg-boot vulnerable to improper authentication

A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...

CVSS 9.8, AI score 9.1, EPSS 0.00997
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2023/03/31 8:15 p.m., 16 views

CVE-2023-1784

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 9.8, AI score 9.8
Exploits: 0, References: 3
Prion
added 2023/03/31 8:15 p.m., 14 views

Authentication flaw

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 5, AI score 9.5, EPSS 0.00997
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/03/31 8:0 p.m., 38 views

CVE-2023-1784 jeecg-boot API Documentation improper authentication

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 5.3, AI score 9.9, EPSS 0.00997
Exploits: 0, References: 3
CVE
added 2023/03/31 8:0 p.m., 60 views

CVE-2023-1784

CVE-2023-1784 (jeecg-boot 3.5.0) is described across multiple connected sources as a critical issue involving improper authentication in the API Documentation processing. The root cause is not fully detailed in the provided documents, but the vulnerability enables remote exploitation and is assoc...

CVSS 9.8, AI score 7.5, EPSS 0.00997
Exploits: 0, References: 3, Affected Software: 1
OSSF Malicious Packages
added 2023/03/31 2:16 a.m., 3 views

Malicious code in sa-club-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec22686cd96cc265b760943a47162bbd00a00c3ca60478a5388cd11b84fcbff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
OSV
added 2023/03/31 2:16 a.m., 8 views

MAL-2023-752 Malicious code in sa-club-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec22686cd96cc265b760943a47162bbd00a00c3ca60478a5388cd11b84fcbff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1
Positive Technologies
added 2023/03/31 12:0 a.m., 11 views

PT-2023-17242 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.0 Description: A critical issue affects some unknown processing of the component API Documentation, leading to improper authentication because the software does not properly prove or insufficiently proves that an identi...

CVSS 9.8, AI score 7.3, EPSS 0.00997
Exploits: 0, References: 9
IBM Security Bulletins
added 2023/03/29 9:34 a.m., 54 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)

Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...

CVSS 9.8, AI score 9.3, EPSS 0.99615
Exploits: 7, Affected Software: 1
IBM Security Bulletins
added 2023/03/28 10:46 a.m., 18 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [X-Force 247595]

Summary Encode Starlette is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service. This bulletin provides patch information to...

AI score 7
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2023/03/28 10:20 a.m., 36 views

Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service due to libarchive [CVE-2017-14166]

Summary libarchive is present in the IBM App Connect Enterprise Certified Container images as part of the base operating system. IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service. This bulletin provides patch information to address the reported...

CVSS 6.5, AI score 6.3, EPSS 0.03341
Exploits: 0, Affected Software: 1
Malwarebytes
added 2023/03/27 5:0 a.m., 29 views

GitHub accidentally exposes RSA SSH key

Late last week, GitHub tweeted that it had replaced its RSA SSH "out of an abundance of caution," after accidentally exposing the key on a publicly accessible repository. How the accidental exposure managed to happen is unknown, but it means that anyone that happened to notice it and was able to...

AI score 6.8
Exploits: 0
Circl
added 2023/03/22 3:35 p.m., 22 views

CVE-2023-27637

creationtimestamp | type | source
---|---|---
2023-03-22 15:35:50+00:00 | exploited | https://t.me/cibsecurity/60441
2025-05-29 13:34:23+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-27637.yaml
2025-05-30 21:02:20+00:00 | seen | ...

CVSS 9.8, AI score 7.3, EPSS 0.03299
Exploits: 1, References: 5
Packet Storm
added 2023/03/22 12:0 a.m., 296 views

Python CGI Documentation Cross Site Scripting

Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage() print "name:", form["name"].value print "addr:", form["addr"].value First result on google fo...

AI score 6.8
Exploits: 0
OSV
added 2023/03/17 7:42 a.m., 8 views

SUSE-SU-2023:0794-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats bsc1199756. - Update in SLE-15 bsc1199282, jscPM-3243, jscSLE-24629 - Update to 2.4.0 bsc1199756 - Explicit check the key for ECAlgorithm - Don't use implicit...

CVSS 7.5, AI score 7.5, EPSS 0.012
Exploits: 0, References: 5
Kitploit
added 2023/03/16 11:30 a.m., 149 views

GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...

AI score 7.3
Exploits: 0, References: 1
Code423n4
added 2023/03/15 12:0 a.m., 10 views

Incorrect validation of the result of the transfer * transferFrom method call. Failure to comply with the ERC20 standard

Lines of code Vulnerability details Impact Inability to use ERC20 standard tokens. As an example of the future LP token Proof of Concept According to the ERC-20 standard, the transfer and transferFrom methods return true or false, but looking at the code we see that:...

AI score 7
Exploits: 0