Lucene search
K

4422 matches found

0day.today
0day.today
added 2023/02/13 12:0 a.m.298 views

CKSource CKEditor5 35.4.0 Cross Site Scripting Vulnerability

Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 w...

6.1CVSS6.6AI score0.02097EPSS
Exploits4
OSV
OSV
added 2023/02/10 7:52 p.m.28 views

GHSA-2H6C-J3GF-XP9R IPFS go-bitfield vulnerable to DoS via malformed size arguments

Impact When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8 or is negative. There were already a note in the NewBitfield documentation: Panics if size is not a multiple ...

5.9CVSS6.5AI score0.0091EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 9:38 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to [CVE-2022-45907]

Summary PyTorch is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution. This bulletin provides patch information to addres...

9.8CVSS9.7AI score0.01192EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/02/09 9:15 p.m.26 views

CVE-2023-23626

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...

7.5CVSS6.2AI score0.0091EPSS
Exploits1References2
Prion
Prion
added 2023/02/09 9:15 p.m.16 views

Code injection

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...

5CVSS7.5AI score0.0091EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/09 8:54 p.m.27 views

CVE-2023-23626 Denial of service when feeding malformed size arguments in go-bitfield

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...

5.9CVSS7.7AI score0.0091EPSS
Exploits1References2
OSV
OSV
added 2023/02/09 8:54 p.m.27 views

CVE-2023-23626 Denial of service when feeding malformed size arguments in go-bitfield

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...

5.9CVSS7.4AI score0.0091EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.425 views

CKSource CKEditor5 35.4.0 Cross Site Scripting

Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110...

6.8AI score0.02097EPSS
Exploits4
OSV
OSV
added 2023/02/08 10:37 p.m.40 views

GHSA-MV6W-J4XC-QPFW Argo CD leaks repository credentials in user-facing error messages and in logs

Impact All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an...

6.3CVSS6.5AI score0.00843EPSS
Exploits0References7
OSV
OSV
added 2023/02/08 2:2 a.m.5 views

OPENSUSE-SU-2023:0041-1 Security update for EternalTerminal

This update for EternalTerminal fixes the following issues: EternalTerminal was updated to 6.2.4: CVE-2022-48257, CVE-2022-48258 remedied fix readme regarding port forwarding 522 Fix test failures that started appearing in CI 526 Add documentation for the EternalTerminal protocol 523 ssh-et: appl...

5.3CVSS5.3AI score0.01071EPSS
Exploits2References5
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.12 views

Upgraded Q -> 3 from #619 [1675724566035]

Judge has assessed an item in Issue 619 as 3 risk. The relevant finding follows: The function withdrawRemainingTokens can be changed in a safer way to handle the withdraw from the owner and the protocol fee as well. This prevent risks allocated with the protocol fees. By the docs this function is...

6.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 8:20 p.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2022-43548]

Summary Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...

8.1CVSS8.4AI score0.14024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 11:35 a.m.70 views

Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service attacks due to snakeYAML

Summary SnakeYAML is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service attacks. CVE-2022-25857, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749, CVE-2022-38750 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package...

7.5CVSS6.7AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 10:35 a.m.38 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-41715 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the compilation of regular expression...

7.5CVSS7.9AI score0.01544EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 10:31 a.m.34 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495 with details below Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection...

9.8CVSS9.2AI score0.0558EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2023/01/29 3:29 p.m.1 views

Malicious Package

Overview documentation-ably-realtime is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...

9.8CVSS7.1AI score
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2023/01/27 9:17 p.m.73 views

Metasploit Weekly Wrap-Up

Cacti Unauthenticated Command Injection Thanks to community contributor Erik Wynter, Metasploit Framework now has an exploit module for an unauthenticated command injection vulnerability in the Cacti network-monitoring software. The vulnerability is due to a procopen call that accepts unsanitized...

10AI score0.99826EPSS
Exploits48
Circl
Circl
added 2023/01/27 2:34 p.m.15 views

CVE-2023-0527

creationtimestamp| type| source ---|---|--- 2023-01-27 14:34:22+00:00| seen| https://t.me/cibsecurity/57026 2023-05-31 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51494...

6.1CVSS4.7AI score0.06169EPSS
Exploits4References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/27 10:9 a.m.28 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to [CVE-2022-23491]

Summary Python module certifi is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to verifying untrustworth certificates. This bulletin provides...

7.5CVSS6.7AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/26 3:23 p.m.40 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-41715]

Summary Some components of IBM App Connect Enterprise Certified Container operator and operands are implemented in Golang Go. These components may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41715...

7.5CVSS7.6AI score0.01339EPSS
Exploits0Affected Software1
Rows per page
Query Builder