254 matches found

CNNVD
added 2024/02/28 12:0 a.m. · 4 views

Apache Superset Security Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that is caused by improper data authorization. An attacker could exploit this vulnerability to obtain sensitive information...

6.5 CVSS · 6 AI score · 0.00727 EPSS
Exploits 0 · References 3

Veracode
added 2024/02/12 7:36 a.m. · 12 views

Information Disclosure

nonebot2 is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user-provided data in a MessageTemplate, which could result in sensitive information disclosure if the user input is used in templates without adequate filtering...

6.5 CVSS · 6.2 AI score · 0.00492 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2024/01/02 12:0 a.m. · 20 views

GitLab 10.8 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-3639)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3....

7.5 CVSS · 7.3 AI score · 0.00841 EPSS
Exploits 0 · References 3

CNNVD
added 2023/11/02 12:0 a.m. · 4 views

Huawei HarmonyOS Information Disclosure Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from information being stored in an improper location, thereby compromising confidentiality...

7.5 CVSS · 6.3 AI score · 0.00443 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2023/10/25 12:0 a.m. · 6 views

The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS, related to improper data cleaning in the SNMP configuration, allows an attacker to execute XSS attacks.

The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS is related to improper data cleaning in the SNMP configuration. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.5 CVSS · 5.8 AI score · 0.00296 EPSS
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/10/13 2:15 a.m. · 18 views

Authentication flaw

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending...

6.4 CVSS · 9.3 AI score · 0.0085 EPSS
Exploits 0 · References 3

Zero Day Initiative
added 2023/09/29 12:0 a.m. · 25 views

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3 CVSS · 5.9 AI score · 0.00391 EPSS
Exploits 0 · References 1

CNNVD
added 2023/09/27 12:0 a.m. · 6 views

Microweber Cross-Site Scripting Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 2.0, which...

6.1 CVSS · 6.1 AI score · 0.01061 EPSS
Exploits 0 · References 4

NVD
added 2023/09/06 1:15 p.m. · 20 views

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5 CVSS · 5 AI score · 0.00726 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/08/16 12:0 a.m. · 6 views

PT-2023-4507 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive...

6.8 CVSS · 6.2 AI score · 0.00555 EPSS
Exploits 0 · References 9

Zero Day Initiative
added 2023/07/26 12:0 a.m. · 25 views

Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

7.8 CVSS · 6.8 AI score · 0.00413 EPSS
Exploits 0 · References 1

UbuntuCve
added 2023/06/29 12:0 a.m. · 31 views

CVE-2023-2860

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This fla...

4.4 CVSS · 6.6 AI score · 0.00353 EPSS
Exploits 0 · References 4

OSV
added 2023/06/06 5:15 p.m. · 2 views

CVE-2023-32203

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8 CVSS · 6.1 AI score · 0.00227 EPSS
Exploits 0 · References 1

RedHat Linux
added 2023/05/03 3:54 p.m. · 6 views

rubygem-loofah: Improper neutralization of data URIs leading to Cross Site Scripting

A Cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to Cross-site scripting attacks...

6.1 CVSS · 6.5 AI score · 0.00792 EPSS
Exploits 0 · References 5

Zero Day Initiative
added 2023/05/01 12:0 a.m. · 14 views

Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 7.7 AI score · 0.02163 EPSS
Exploits 0 · References 1

SUSE CVE
added 2023/04/14 1:51 a.m. · 1 views

SUSE CVE-2023-27349

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the...

8 CVSS · 9.2 AI score · 0.01427 EPSS
Exploits 0 · References 11

Vulnrichment
added 2023/04/11 12:0 a.m. · 6 views

CVE-2023-25755

Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer CWE-119 due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project...

7.7 AI score · 0.00219 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/04/05 12:0 a.m. · 7 views

PT-2023-3268 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to insufficient cleaning of user data in the administration panel, allowing a user to inject and execute arbitrary HTML and script code i...

10 CVSS · 6.7 AI score · 0.99628 EPSS
Exploits 40 · References 206

BDU FSTEC
added 2023/03/24 12:0 a.m. · 4 views

The vulnerability in the implementation of the PAPI network protocol for ArubaOS operating systems allows a hacker to execute arbitrary code.

The vulnerability of the PAPI network protocol implementation in ArubaOS operating systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 8.4 AI score · 0.0174 EPSS
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2023/03/22 12:0 a.m. · 5 views

The vulnerability of Azure HDInsight’s data analysis service in the Windows operating system allows attackers to perform spear-phishing attacks.

The vulnerability of the Azure HDInsight data analysis service for the Windows operating system is related to improper data processing. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...

6.1 CVSS · 5.8 AI score · 0.04047 EPSS
Exploits 3 · References 2