Lucene search
K

217 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 1:27 a.m.12 views

CVE-2022-34885

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code...

7.2CVSS7.2AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:2 p.m.12 views

CVE-2019-13343

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...

9.9CVSS7AI score0.02248EPSS
Exploits1References1
Veracode
Veracode
added 2025/01/29 5:59 a.m.8 views

Cross-site Scripting (XSS)

store2 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the store.deep.js component, allowing a remote attacker to execute arbitrary code...

6.1CVSS7AI score0.00347EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.3 views

WordPress plugin Wishlist for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

5.9CVSS8AI score0.00341EPSS
Exploits0References2
Veracode
Veracode
added 2025/01/23 2:11 a.m.15 views

OS Command Injection

Ray is vulnerable to Os command Injection. The vulnerability is due to improper input sanitization in the cpuprofile URL parameter, allowing attackers to execute OS commands remotely on the system running the Ray dashboard without authentication...

9.8CVSS7.6AI score0.81512EPSS
Exploits22References5Affected Software1
OpenVAS
OpenVAS
added 2025/01/21 12:0 a.m.16 views

OpenVPN Improper Input Sanitization Vulnerability (Jan 2025) - Windows

OpenVPN is prone to an improper input sanitization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn...

9.1CVSS9.2AI score0.00805EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/09 12:0 a.m.12 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-795)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-795 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the...

8.7CVSS6.4AI score0.00873EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.7 views

WordPress plugin Custom Field For WP Job Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS7.5AI score0.00412EPSS
Exploits1References2
Snyk
Snyk
added 2024/12/23 4:40 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toHTMLEx method due to improper input sanitization. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into the input data processed by this method. Details Cross-site...

6.8CVSS5.5AI score0.00241EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.2 views

WordPress plugin Hive Support SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.5CVSS9AI score0.0048EPSS
Exploits0References1
Veracode
Veracode
added 2024/11/29 5:38 a.m.8 views

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...

5.4CVSS6.2AI score0.00403EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/11/28 10:5 a.m.8 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input sanitization when adding notes to a device, allowing JavaScript code in the notes to be triggered when the ExamplePlugin is enabled...

4.8CVSS5.8AI score0.00332EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.9 views

PT-2024-9473 · Advantech · Advantech Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "scan ap" API of Advantech's...

9CVSS7.8AI score0.01354EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/11/19 5:0 a.m.13 views

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

7.5CVSS6.8AI score0.00482EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/13 12:0 a.m.11 views

Siemens SCALANCE M-800 Family Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-50572)

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.6CVSS7.9AI score0.00648EPSS
Exploits0References7
Veracode
Veracode
added 2024/11/11 4:25 p.m.7 views

Cross-Site Request Forgery (CSRF)

Mattermost is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper sanitization of user inputs in the frontend used for redirection, allowing a one-click client-side path traversal that results in a cross-site request forgery CSRF in Playbooks...

4.6CVSS6.7AI score0.00149EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/09 3:15 p.m.3 views

CVE-2024-51597

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeShark ThemeShark Templates & Widgets for Elementor allows Stored XSS.This issue affects ThemeShark Templates & Widgets for Elementor: from n/a through 1.1.7...

5.4CVSS5.8AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2024/11/08 6:30 a.m.2 views

GHSA-3XGQ-45JJ-V275 Regular Expression Denial of Service (ReDoS) in cross-spawn

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

8.7CVSS6.8AI score0.00873EPSS
Exploits0References9
NVD
NVD
added 2024/11/08 5:15 a.m.53 views

CVE-2024-21538

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

8.7CVSS0.00873EPSS
Exploits0References5
OSV
OSV
added 2024/11/08 5:15 a.m.8 views

CVE-2024-21538

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

8.7CVSS5.9AI score
Exploits0References5
Rows per page
Query Builder