Lucene search
+L

248 matches found

RedHat Linux
RedHat Linux
added 2025/02/12 4:8 a.m.7 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
OSV
OSV
added 2025/02/04 2:15 p.m.22 views

UBUNTU-CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

5.4CVSS6.8AI score0.01331EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/02/03 11:45 p.m.7 views

WordPress WP All Import Pro plugin < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion vulnerability

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...

4.3CVSS7AI score0.00161EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/03 11:14 p.m.5 views

WordPress WP All Import plugin <= 3.7.9 - Cross-Site Request Forgery to Imported Content Deletion

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...

4.3CVSS7AI score0.00161EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/19 1:26 p.m.5 views

Malicious code in @add-wallet-exchange/set-imported-csv-message (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85e68f887715288c07927e0e74544a85fd8c7f1fd0ea7afe1ff8d50322fcaa34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

Autodesk Revit 缓冲区错误漏洞

Autodesk Revit is a suite of building information modeling software from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Revit that stems from a potential heap-based overflow if a maliciously crafted SKP file is linked or imported into Autodesk Revit. An attacker...

7.8CVSS7.4AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2024/11/12 7:40 a.m.3 views

MAL-2024-12212 Malicious code in backwwii (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf5e7427061483e779c53f125b5792b2e650261bcdca0a9f4d90e9ca883c04d0 When importing the module, the obfuscated code downloads and runs a remote executable --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2024-32872 · Unknown +3 · Openrefine +3

Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The built-in error page in OpenRefine includes the exception message and exception traceback without escaping HTML tags, allowing injection into the page if an attacker can produce an error with...

9.8CVSS6.8AI score0.45473EPSS
Exploits8References44
BDU FSTEC
BDU FSTEC
added 2024/09/10 12:0 a.m.7 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab allows a hacker to replace the code in imported CI/CD pipelines.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to replace the code in imported CI/CD pipelines...

4CVSS5.6AI score0.00329EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/29 1:15 a.m.6 views

WordPress Popup Builder plugin <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File vulnerability

Sensitive Information Exposure via Imported Subscribers CSV File vulnerability discovered by Tim Coen in WordPress Plugin Popup Builder versions = 4.3.6...

7.5CVSS7AI score0.00564EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/07 9:59 a.m.7 views

WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability

Sensitive Information via Imported File vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.26.8...

7.5CVSS7AI score0.0042EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.8 views

GitLab Cross-Site Scripting Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions 16.9 throu...

8.7CVSS6.4AI score0.32784EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.7 views

PT-2024-6674 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: The issue is related to a stored XSS vulnerability that can be imported from a project with malicious...

8.7CVSS5.5AI score0.32784EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.4 views

PT-2024-5975 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 Description: A resource misdirection vulnerability in GitLab allows an attacker to craft a repository import in such...

4CVSS6.8AI score0.00329EPSS
Exploits0References14
OSV
OSV
added 2024/03/06 10:52 a.m.21 views

BIT-CONSUL-2022-3920 Consul Peering Imported Nodes/Services Leak

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...

7.5CVSS6AI score0.0066EPSS
Exploits0References2
Prion
Prion
added 2024/02/28 12:15 p.m.28 views

Design/Logic Flaw

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be...

4CVSS4.7AI score0.00866EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.8 views

PT-2024-15694 · WordPress · Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via imported form titles du...

4.8CVSS5.4AI score0.0054EPSS
Exploits1References8
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.39 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...

6.5AI score0.00812EPSS
Exploits2Affected Software1
NVD
NVD
added 2024/01/10 1:15 p.m.23 views

CVE-2023-48257

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...

8.8CVSS8.2AI score0.00541EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.6 views

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to access sensitive data within the export package or perform remote...

8.8CVSS8AI score0.00541EPSS
Exploits0References2
Rows per page
Query Builder