Lucene search
K

73 matches found

OSV
OSV
added 2024/04/10 3:30 p.m.36 views

GHSA-WH4M-6RH3-P4RQ Magento Open Source allows Improper Input Validation

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack...

9.5CVSS9.4AI score0.01418EPSS
Exploits0References3
OSV
OSV
added 2024/03/22 5:3 p.m.6 views

CVE-2024-29185 FreeScout OS Command Injection vulnerability

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...

9CVSS8.1AI score0.01731EPSS
Exploits1References3
OSV
OSV
added 2023/10/13 9:30 a.m.10 views

GHSA-GGR8-3HWX-4F2M Magento Open Source allows SQL Injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...

8.9CVSS8.1AI score0.00829EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/13 6:15 a.m.6 views

CVE-2023-38249 Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...

8CVSS8.1AI score0.00829EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/15 2:31 p.m.2 views

CVE-2023-4986 Supcon InPlant SCADA Project.xml unknown vulnerability

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

2.5CVSS3.7AI score0.00189EPSS
Exploits1References3
ICS
ICS
added 2023/06/27 6:0 a.m.65 views

Hitachi Energy FOXMAN-UN and UNEM Products

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive...

4.4CVSS4.9AI score0.00241EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/04/29 12:0 a.m.5 views

PT-2023-19459 · Konga · Konga

Name of the Vulnerable Software and Affected Versions: Konga version 2.8.3 Description: A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the...

5.9CVSS7.2AI score0.00726EPSS
Exploits0References7
Hacker One
Hacker One
added 2022/10/29 5:46 a.m.35 views

Shopify: Reflected XSS In Marketing Reports Page On *.myshopify.com/admin

The returnpagepathname parameter on the marketing reports page of a Shopify store was vulnerable to reflected cross-site scripting XSS when using the javascript: protocol. The vulnerability was assessed as having high attack complexity, as specific conditions were required for the XSS to execute...

5.6AI score
Exploits0
NVD
NVD
added 2022/07/22 3:15 p.m.17 views

CVE-2022-2142

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...

8.1CVSS0.00758EPSS
Exploits0References1
OSV
OSV
added 2022/07/22 3:15 p.m.3 views

CVE-2022-2142

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...

5.9CVSS5.7AI score0.00758EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/22 2:59 p.m.21 views

CVE-2022-2142 Advantech iView

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...

8.1CVSS8.4AI score0.00758EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/07/22 2:59 p.m.7 views

CVE-2022-2142 Advantech iView

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...

8.1CVSS8.2AI score0.00758EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/11/20 5:37 p.m.48 views

CVE-2019-19126

A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...

3.3CVSS2AI score0.00409EPSS
Exploits0References3
Rows per page
Query Builder