Lucene search
K

18 matches found

Veracode
Veracode
added 2025/07/23 7:1 a.m.7 views

Remote File Inclusion

librenms/librenms is vulnerable to Remote File Inclusion RFI. The vulnerability is due to unsafe dynamic file inclusion caused by the ajaxform.php endpoint using user-controlled POST input in the type parameter to include .inc.php files without proper validation or allowlisting, potentially leadi...

7.5CVSS6.8AI score0.00804EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2024/09/03 8:15 p.m.38 views

CVE-2024-45389

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...

6.4CVSS0.00397EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/02/20 11:42 p.m.41 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS5.9AI score0.00493EPSS
Exploits0References8Affected Software2
Snyk
Snyk
added 2024/02/20 6:45 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...

6.3CVSS6.3AI score0.00493EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/20 6:45 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...

6.3CVSS6.4AI score0.00493EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/20 5:29 p.m.62 views

CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

6.3CVSS6.2AI score0.00493EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/02/20 5:29 p.m.8 views

CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

6.3CVSS5.8AI score0.00493EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.4 views

Decidim Cross-Site Scripting Vulnerability

Decidim is a participatory democracy framework written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.0 through 0.27.5 and 0.28.0, which stems from a cross-site scripting vulnerability in the dynamic file upload feature...

6.3CVSS6.3AI score0.00493EPSS
Exploits0References7
RubySec
RubySec
added 2024/02/20 12:0 a.m.19 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.28 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/28 4:5 p.m.5 views

kernel: use-after-free due to race condition occurring in dvb_register_device()

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvbregisterdevice function due to the fileoperations structure fops being dynamically allocated and later kfreed. A local user could use this...

7CVSS6.6AI score0.00309EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/28 3:40 p.m.2 views

kernel: use-after-free due to race condition occurring in dvb_register_device()

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvbregisterdevice function due to the fileoperations structure fops being dynamically allocated and later kfreed. A local user could use this...

7CVSS6.6AI score0.00309EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2022/11/30 8:0 a.m.3 views

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free related to dvb_register_device dynamically allocating fops.

...

7CVSS7.3AI score0.00309EPSS
Exploits0
seebug.org
seebug.org
added 2016/08/25 12:0 a.m.34 views

WordPress Mail Masta Plugin 1.0 - local file inclusion

This file contains the vulnerability allows an attacker to include a file,usually using a“dynamic file include”mechanisms in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. Source file: /inc/campaign/countofsend.php Line 4:...

6.6AI score
Exploits0
exploitpack
exploitpack
added 2016/08/23 12:0 a.m.14 views

WordPress Plugin Mail Masta 1.0 - Local File Inclusion

WordPress Plugin Mail Masta 1.0 - Local File Inclusion + Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/23 12:0 a.m.42 views

WordPress Mail Master 1.0 Local File Inclusion

Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/08/23 12:0 a.m.110 views

WordPress Plugin Mail Masta 1.0 - Local File Inclusion

Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file...

7.4AI score
Exploits0
myhack58
myhack58
added 2013/04/17 12:0 a.m.50 views

PHP file include vulnerability details(including the truncated method)-vulnerability warning-the black bar safety net

One, what is”remote file inclusion vulnerability”for? The answer is: the server through the php properties of a function to contain any files, since you want to include this file source filter is not strict, so can go to that contains a malicious file and we can construct the malicious file to...

7.4AI score
Exploits0
Rows per page
Query Builder