Lucene search

5048 matches found

CNNVD
added 2021/10/26 12:0 a.m., 2 views

OpenClinic GA Security Vulnerability

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA, which stems from the fact that by default, the Authenticated Users group has permissio...

9.3 CVSS, 7.7 AI score, 0.01276 EPSS
Exploits: 0, References: 4

Packet Storm
added 2021/10/25 12:0 a.m., 408 views

Gestionale Open 11.00.00 Privilege Escalation

Exploit Title: Gestionale Open 11.00.00 - Local Privilege Escalation; Date: 2021-07-19; Author: Alessandro 'mindsflee' Salzano; Vendor Homepage: https://www.gestionaleopen.org/; Software Homepage: https://www.gestionaleopen.org/; Software Link:...

0.3 AI score
Exploits: 0

0day.today
added 2021/10/25 12:0 a.m., 365 views

Gestionale Open 11.00.00 - Local Privilege Escalation Vulnerability

Exploit Title: Gestionale Open 11.00.00 - Local Privilege Escalation; Author: Alessandro 'mindsflee' Salzano; Vendor Homepage: https://www.gestionaleopen.org/; Software Homepage: https://www.gestionaleopen.org/; Software Link:...

7.4 AI score
Exploits: 0

OSV
added 2021/10/22 8:15 p.m., 1 view

CVE-2020-23039

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

5.4 CVSS, 5.9 AI score
Exploits: 0, References: 1

NVD
added 2021/10/22 8:15 p.m., 9 views

CVE-2020-23039

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

5.4 CVSS, 0.00562 EPSS
Exploits: 1, References: 1

Prion
added 2021/10/22 8:15 p.m., 13 views

Cross site scripting

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

3.5 CVSS, 5.3 AI score, 0.00562 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2021/10/22 7:20 p.m., 44 views

CVE-2020-23039

CVE-2020-23039 concerns Folder Lock v3.4.5, where a stored XSS vulnerability exists in the Create Folder function (Create module). The underlying issue is lack of data validation/filtering for user-supplied data in folder names/paths, allowing an attacker to inject arbitrary web scripts or HTML t...

5.4 CVSS, 5.3 AI score, 0.00562 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/10/22 7:20 p.m., 17 views

CVE-2020-23039

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

5.3 AI score, 0.00562 EPSS
Exploits: 1, References: 1

OSV
added 2021/10/22 2:15 p.m., 1 view

CVE-2021-42542

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure...

8.8 CVSS, 7.3 AI score, 0.01391 EPSS
Exploits: 0, References: 1

OSV
added 2021/10/22 2:15 p.m., 3 views

CVE-2021-30359

The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation...

7.8 CVSS, 7.2 AI score, 0.0393 EPSS
Exploits: 0, References: 2

OSV
added 2021/10/22 2:15 p.m., 3 views

CVE-2021-42540

The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

8.8 CVSS, 7.3 AI score, 0.00966 EPSS
Exploits: 0, References: 1

NVD
added 2021/10/22 2:15 p.m., 10 views

CVE-2021-42542

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure...

8.8 CVSS, 0.01391 EPSS
Exploits: 0, References: 1

Prion
added 2021/10/22 2:15 p.m., 15 views

Code injection

The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

6.5 CVSS, 8.6 AI score, 0.00966 EPSS
Exploits: 0, References: 1, Affected Software: 3

Prion
added 2021/10/22 2:15 p.m., 17 views

Directory traversal

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure...

6.5 CVSS, 8.7 AI score, 0.01391 EPSS
Exploits: 0, References: 1, Affected Software: 3

CVE
added 2021/10/22 1:23 p.m., 40 views

CVE-2021-42542

CVE-2021-42542 affects Emerson WirelessHART Gateway devices, where a directory traversal flaw stems from mishandling the structure of the supplied backup folder during restore. Public sources (NVD, CVE record, and ICS advisory) assign a CVSSv3 base score of 8.0 (high) and note remote exploitation...

8.8 CVSS, 8.3 AI score, 0.01391 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/10/22 1:23 p.m., 14 views

CVE-2021-42542 Emerson WirelessHART Gateway

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure...

8 CVSS, 8.9 AI score, 0.01391 EPSS
Exploits: 0, References: 1

Cvelist
added 2021/10/22 1:23 p.m., 19 views

CVE-2021-42540 Emerson WirelessHART Gateway

The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

8 CVSS, 8.8 AI score, 0.00966 EPSS
Exploits: 0, References: 1

OSV
added 2021/10/22 12:15 p.m., 2 views

CVE-2021-38465

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable...

6.5 CVSS, 6.6 AI score, 0.00788 EPSS
Exploits: 0, References: 1

NVD
added 2021/10/22 12:15 p.m., 18 views

CVE-2021-38465

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable...

8 CVSS, 0.00788 EPSS
Exploits: 0, References: 1

Prion
added 2021/10/22 12:15 p.m., 18 views

Design/Logic Flaw

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable...

4 CVSS, 7.1 AI score, 0.00788 EPSS
Exploits: 0, References: 1, Affected Software: 1