Lucene search
+L

227 matches found

nvd
nvd
added 2025/03/11 3:15 p.m.10 views

CVE-2025-27403

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS0.00445EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/03/11 2:16 p.m.7 views

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS6.6AI score0.00445EPSS
Exploits0References3
cvelist
cvelist
added 2025/03/11 2:16 p.m.22 views

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS0.00445EPSS
Exploits0References3
osv
osv
added 2025/03/11 2:16 p.m.14 views

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS6.5AI score0.00445EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/03/11 12:0 a.m.5 views

Ratify 授权问题漏洞

Ratify is an artifact approval framework CNCF sandbox from Ratify open source. An authorization issue vulnerability exists in Ratify version 1.2.3 and prior to version 1.3.2 that stems from the Azure Authentication Provider not verifying that the target registry is ACR, which could lead to misuse...

7.2CVSS6.4AI score0.00445EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/02/19 8:52 a.m.5 views

CVE-2025-1133 SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper...

9.3CVSS8AI score0.00583EPSS
Exploits1References1
cve
cve
added 2025/02/19 8:34 a.m.49 views

CVE-2025-1024

ChurchCRM 5.13.0 is affected by a Reflected Cross‑Site Scripting (XSS) in EditEventAttendees.php (EID parameter) that requires administrative privileges. The vulnerability enables an attacker to execute arbitrary JavaScript in a victim’s browser, potentially stealing session cookies, acting on be...

8.4CVSS5.9AI score0.00268EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/02/19 8:34 a.m.30 views

CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...

8.4CVSS0.00268EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/02/19 8:34 a.m.17 views

CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...

8.4CVSS5.9AI score0.00268EPSS
Exploits1References1
osv
osv
added 2025/02/19 8:34 a.m.17 views

CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...

8.4CVSS6.2AI score0.00268EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/02/19 12:0 a.m.4 views

PT-2025-7493 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A boolean-based blind SQL Injection vulnerability exists in the EditEventAttendees functionality, allowing an attacker to execute arbitrary SQL queries. The EID parameter is directly concatenat...

9.3CVSS10AI score0.00583EPSS
Exploits1References10
cnnvd
cnnvd
added 2025/01/11 12:0 a.m.7 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the net/smc module not properly checking the v2extoffset, eidcnt, and ismgidcnt fields when receiving an offer...

5.5CVSS6.6AI score0.00213EPSS
Exploits0References5
cnvd
cnvd
added 2024/12/30 12:0 a.m.4 views

Responsive Hotel Site newsletter.php file SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from insufficient input validation of the eid parameter in file /admin/newsletter.php. An attacker can use this vulnerability to obtain sensitive information or...

9.8CVSS7.7AI score0.0067EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/12/29 12:0 a.m.5 views

code-projects Responsive Hotel Site 注入漏洞

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from insufficient input validation of the eid parameter in file /admin/newsletter.php. An attacker can use this vulnerability to obtain sensitive information or...

9.8CVSS7.6AI score0.0067EPSS
Exploits1References6
osv
osv
added 2024/12/22 7:15 a.m.5 views

CVE-2024-12891

A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit h...

8.8CVSS5.8AI score0.00508EPSS
Exploits1References5
osv
osv
added 2024/12/22 6:15 a.m.3 views

CVE-2024-12890

A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The...

8.8CVSS5.8AI score0.00508EPSS
Exploits1References5
cnnvd
cnnvd
added 2024/12/22 12:0 a.m.4 views

Code-Projects Online Exam Mastering System 注入漏洞

Code-Projects Online Exam Mastering System is a Code-Projects open source online exam system. An injection vulnerability exists in code-projects Online Exam Mastering System version 1.0, which is caused by an SQL injection into the parameter eid...

8.8CVSS7AI score0.00508EPSS
Exploits1References6
cnnvd
cnnvd
added 2024/12/22 12:0 a.m.5 views

code-projects Online Exam Mastering System 注入漏洞

Code-Projects Online Exam Mastering System is a Code-Projects open source online exam system. An injection vulnerability exists in code-projects Online Exam Mastering System version 1.0, which is caused by an SQL injection into the parameter eid...

8.8CVSS7AI score0.00508EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/12/11 12:0 a.m.12 views

PT-2025-2832

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue concerns the Linux kernel, specifically the net/smc component. When receiving a proposal message in the server, the fields v2 ext offset, eid cnt, and ism gid cnt in the proposal...

5.5CVSS5.4AI score0.00213EPSS
Exploits0
cvelist
cvelist
added 2024/12/05 3:10 p.m.29 views

CVE-2024-54130 Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public)

The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID EID set to dtn:none is received. This causes the node to become...

9.2CVSS0.00422EPSS
Exploits0References1
Rows per page
Query Builder