108 matches found

OSV
added 2025/03/03 7:15 p.m. · 10 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

CVSS 9 · AI score 5.8 · EPSS 0.00539
Exploits: 3 · References: 2

CVE
added 2025/03/03 12:0 a.m. · 88 views

CVE-2025-26206

CVE-2025-26206 concerns a Cross-Site Request Forgery (CSRF) vulnerability in Sell Done Storefront v1.0. The issue stems from the absence of anti-CSRF protections in the web application, allowing a remote attacker to induce privileged actions via the index.html component. Affected code is identifi...

CVSS 9 · AI score 6.9 · EPSS 0.00539
Exploits: 3 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/02/05 8:19 p.m. · 20 views

CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows bypassing the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

CVSS 9.8 · AI score 6.8 · EPSS 0.01194
Exploits: 0

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-18234 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 136.0.7103.59

Description: The issue is related to a heap buffer overflow in the HTML component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML...

CVSS 9.8 · AI score 9.1 · EPSS 0.0058
Exploits: 0 · References: 53

CNNVD
added 2024/08/21 12:0 a.m. · 4 views

YznCMS Security Vulnerability

YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...

CVSS 5.4 · AI score 6.4 · EPSS 0.00308
Exploits: 1 · References: 2

CNNVD
added 2024/08/08 12:0 a.m. · 6 views

Microsoft Edge Security Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A memory corruption vulnerability exists in Microsoft Edge HTML-based, which can be exploited by an attacker to execute arbitrary code on a system...

CVSS 8.4 · AI score 7.5 · EPSS 0.00607
Exploits: 0 · References: 2

CNVD
added 2024/06/26 12:0 a.m. · 1 views

Emby Media Server Cross-Site Scripting Vulnerability

Emby Media Server is a personal media server software for organizing, managing and sharing multimedia content such as music, movies, TV shows and more. Emby Media Server suffers from a cross-site scripting vulnerability that can be exploited to elevate privileges via the notifications.html...

CVSS 6.1 · AI score 6.4 · EPSS 0.0032
Exploits: 0 · References: 1

NVD
added 2022/12/29 12:15 a.m. · 28 views

CVE-2022-4778

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

CVSS 6.5 · EPSS 0.00657
Exploits: 0 · References: 1

Prion
added 2022/12/29 12:15 a.m. · 16 views

Path traversal

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

CVSS 4 · AI score 6.2 · EPSS 0.00657
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/12/28 2:20 p.m. · 13 views

CVE-2022-4779 authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows bypassing the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

CVSS 7.5 · AI score 6.9 · EPSS 0.01194
Exploits: 0 · References: 1

Vulnrichment
added 2022/12/28 2:20 p.m. · 3 views

CVE-2022-4778 path traversal in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

CVSS 6.5 · AI score 6.3 · EPSS 0.00657
Exploits: 0 · References: 1

Cvelist
added 2022/12/28 2:20 p.m. · 24 views

CVE-2022-4778 path traversal in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

CVSS 6.5 · AI score 6.4 · EPSS 0.00657
Exploits: 0 · References: 1

CNNVD
added 2021/09/07 12:0 a.m. · 4 views

Microsoft MSHTML.DLL Path Traversal Vulnerability

MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...

CVSS 8.8 · AI score 8.5 · EPSS 0.96843
Exploits: 38 · References: 10

OSV
added 2021/06/08 8:12 p.m. · 20 views

GHSA-GXCM-36QW-J29V SQL Injection in tribalsystems/zenario

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

CVSS 4.9 · AI score 5.5 · EPSS 0.01327
Exploits: 1 · References: 4

GitHub Security Blog
added 2021/06/08 8:11 p.m. · 40 views

reflected XSS in tribalsystems/zenario

Reflected XSS in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting into the "cID" parameter when creating a new HTML component...

CVSS 4.8 · AI score 6 · EPSS 0.01089
Exploits: 4 · References: 5 · Affected Software: 1

OSV
added 2021/04/15 2:15 p.m. · 5 views

CVE-2021-27672

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

CVSS 4.9 · AI score 5.9 · EPSS 0.01327
Exploits: 1 · References: 1

NVD
added 2021/04/15 2:15 p.m. · 31 views

CVE-2021-27673

Cross Site Scripting (XSS) in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component...

CVSS 4.8 · EPSS 0.01089
Exploits: 4 · References: 2

OSV
added 2021/04/15 2:15 p.m. · 2 views

CVE-2021-27673

Cross Site Scripting (XSS) in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component...

CVSS 4.8 · AI score 6.1 · EPSS 0.01089
Exploits: 4 · References: 2

NVD
added 2021/04/15 2:15 p.m. · 19 views

CVE-2021-27672

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

CVSS 4.9 · EPSS 0.01327
Exploits: 1 · References: 1

Prion
added 2021/04/15 2:15 p.m. · 17 views

SQL injection

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

CVSS 4 · AI score 5.5 · EPSS 0.01327
Exploits: 1 · References: 1 · Affected Software: 1