Lucene search
K

125 matches found

OSV
OSV
added 2024/03/13 4:15 p.m.6 views

CVE-2024-2000

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigationdots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.4 views

WordPress Plugin Premium Addons PRO Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.7 views

PT-2024-18488 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the navigation dots parameter of the...

6.4CVSS8AI score0.00423EPSS
Exploits0References5
NVD
NVD
added 2024/01/22 11:15 p.m.14 views

CVE-2024-23340

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS5.6AI score0.00722EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/01/22 11:0 p.m.5 views

CVE-2024-23340 @hono/node-server can't handle "double dots" in URL

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS7AI score0.00722EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.5 views

Sudo Path Traversal Vulnerability

Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A security vulnerability exists in Sudo-rs versions prior to 0.2.1, which stems from the fact that a username containing the . and / characters could cause specific files ...

8.1CVSS7AI score0.00571EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/09/04 11:27 a.m.42 views

CVE-2023-2813 Multiple Themes - Reflected XSS

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.2AI score0.00972EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.6 views

PT-2023-19184 · Ubiquiti · Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 Description: A critical issue affects the Web Management Interface component. The manipulation of the dpi argument leads to command injection, allowing remote attacks. The issue has been...

8.8CVSS7.4AI score0.07559EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.5 views

SUSE CVE-2008-3660

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service crash via a request with multiple dots preceding the extension, as demonstrated using foo..php...

5CVSS6.9AI score0.03346EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.4 views

SUSE CVE-2011-4681

Opera before 11.60 does not properly consider the number of . dot characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as...

5CVSS6.9AI score0.02093EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.9 views

SUSE CVE-2015-0235

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS8.2AI score0.94859EPSS
Exploits29References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.3 views

SUSE CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

7.5CVSS7.7AI score0.01466EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

6.3CVSS8.9AI score0.01596EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.1 views

OpenSSL 安全漏洞

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Intern...

7.5CVSS6.9AI score0.92488EPSS
Exploits2References55
AlpineLinux
AlpineLinux
added 2022/06/01 12:0 a.m.45 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS6AI score0.01118EPSS
Exploits1
OSV
OSV
added 2022/05/24 7:16 p.m.2 views

GHSA-6Q4G-84F3-MW74 Improper handling of equivalent directory names on Windows in Jenkins

Jenkins stores jobs and other entities on disk using their name shown on the UI as file and folder names. On Windows, when specifying a file or folder with a trailing dot character example., the file or folder will be treated as if that character was not present example. As both are legal names f...

6.3CVSS5.9AI score0.00967EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/01 12:0 a.m.3 views

PT-2025-8362 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been identified, which can cause a kernel panic. The issue arises when the inline dots flag is set in a special file, such as a character, block...

6.5AI score0.00245EPSS
Exploits0References16
OSV
OSV
added 2021/11/11 10:15 p.m.2 views

DEBIAN-CVE-2021-3907

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

9.8CVSS8AI score0.04065EPSS
Exploits0References1
OSV
OSV
added 2021/11/11 10:15 p.m.8 views

UBUNTU-CVE-2021-3907

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

9.8CVSS7.8AI score0.04065EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/10/06 12:0 a.m.4 views

PT-2021-14725 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.314 and earlier Jenkins LTS versions 2.303.1 and earlier Description: The issue arises from Jenkins accepting names of jobs and other entities with a trailing dot character on Windows, potentially allowing users with...

4.3CVSS4.3AI score0.00967EPSS
Exploits0References9
Rows per page
Query Builder