Lucene search
K

676 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.12 views

CVE-2020-36204

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...

4.7CVSS6.8AI score0.00332EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.5 views

CVE-2019-9204

SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...

9.8CVSS8.4AI score0.19685EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:51 a.m.7 views

CVE-2019-9203

Authorization bypass in Nagios IM component of Nagios XI before 2.2.7 allows closing incidents in IM via the API...

9.8CVSS6.9AI score0.20368EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.8 views

CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

10CVSS7.9AI score0.03799EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 a.m.17 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

9.8CVSS7.9AI score0.02415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.8 views

CVE-2012-6273

SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU aka search user request...

7.5CVSS8.8AI score0.0126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:27 a.m.6 views

CVE-2019-9202

Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...

8.8CVSS7.7AI score0.24176EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 a.m.7 views

CVE-2013-1161

The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service blocked connection by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383...

6.3CVSS6.5AI score0.00933EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.7 views

CVE-2012-6274

BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors...

5CVSS7.3AI score0.46868EPSS
Exploits8References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.5 views

CVE-2012-6275

Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via 1 the filename header in an SCH request or 2 the userid component in a DUPF request...

10CVSS7.2AI score0.46498EPSS
Exploits8References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:6 p.m.14 views

CVE-2007-5543

Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590...

9.3CVSS7.9AI score0.03952EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:6 p.m.16 views

CVE-2007-5542

Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590...

9.3CVSS7.9AI score0.03952EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/04/11 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7430-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS6.9AI score0.00699EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/13 11:48 p.m.19 views

CVE-2024-35593

An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file...

5.5CVSS7.8AI score0.00219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/13 11:7 p.m.16 views

CVE-2024-35592

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file...

9.6CVSS7.8AI score0.00563EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 4:41 p.m.6 views

Malicious code in @im-dims/bail (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/12 4:23 a.m.9 views

CVE-2024-12463 Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode

The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenaembedamp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS7.4AI score0.00306EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 4:23 a.m.29 views

CVE-2024-12463 Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode

The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenaembedamp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.6 views

PT-2024-17640 · WordPress · Arena.Im

Name of the Vulnerable Software and Affected Versions: Arena.IM – Live Blogging for real-time events plugin for WordPress versions up to, and including, 0.3.0 Description: The issue is due to missing or incorrect nonce validation on the albfre user action AJAX action. This allows unauthenticated...

4.3CVSS7.1AI score0.00176EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.4 views

WordPress plugin Arena.IM – Live Blogging for real-time events 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.4CVSS7.9AI score0.0025EPSS
Exploits0References2
Rows per page
Query Builder