Lucene search
K

230 matches found

Veracode
Veracode
added 2025/04/28 7:42 a.m.8 views

Cross-Site Scripting (XSS)

github.com/songquanpeng/one-api is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and sanitization of the argument "Homepage Content/About System/Footer.", allows malicious content to be injected and executed in the user's browser...

4.8CVSS3.4AI score0.00278EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/04/14 8:22 p.m.29 views

CVE-2022-43847 IBM Aspera Console HTTP header injection

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/02 4:17 p.m.16 views

CVE-2025-20203

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. The...

4.8CVSS0.00278EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/03/11 3:13 a.m.12 views

USN-7340-1: OpenVPN vulnerabilities

It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu...

9.8CVSS8.8AI score0.03629EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/02 12:47 p.m.16 views

Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-25577, CVE-2023-23934]

Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-25577, CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by ...

7.5CVSS6.9AI score0.0142EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/02 7:20 a.m.14 views

CVE-2025-0764

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher...

6.5CVSS6.7AI score0.00354EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/28 12:0 a.m.21 views

Mattermost Server 9.11.x < 9.11.8 / 10.2.x < 10.2.3 / 10.3.x < 10.3.3 / 10.4.x < 10.4.2 (MMSA-2025-00430)

The version of Mattermost Server installed on the remote host is prior to 9.11.8, 10.2.3, 10.3.3, or 10.4.2. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00430 advisory. - Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail t...

9.9CVSS5.7AI score0.2251EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/02/12 12:0 a.m.4 views

The vulnerability of the nvme-pci component of the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the nvme-pci component of the Linux operating system’s kernel is related to improper input validation. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.4AI score0.00237EPSS
Exploits0References41Affected Software6
CVE
CVE
added 2025/02/11 10:47 p.m.81 views

CVE-2025-25203

CVE-2025-25203 affects CtrlPanel (open-source billing software). The XSS vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering of this field in the moderator panel. Vers...

8.1CVSS7.2AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/10 12:0 a.m.21 views

CVE-2024-46435

A stack overflow vulnerability in the Tenda W18E V16.01.0.81625 web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the...

0.00807EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 9:6 p.m.39 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-46939 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caus...

9.8CVSS9.4AI score0.01358EPSS
Exploits0Affected Software1
Redos
Redos
added 2025/01/20 12:0 a.m.13 views

ROS-20250120-04

A vulnerability in the fs/ntfs3 components of the Linux operating system kernel is related to read errors outside the bounds in the checkrstbl function in fs/ntfs3/fslog.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the jfs component ...

7.8CVSS7.2AI score0.00353EPSS
Exploits0
CVE
CVE
added 2025/01/17 2:16 a.m.64 views

CVE-2024-51462

IBM QRadar WinCollect Agent (Windows) versions 10.0.0–10.1.12 are affected by CVE-2024-51462 due to improper input validation of assumed immutable data, enabling a remote attacker to inject XML data into parameter values and potentially modify data. Remediation is to upgrade to WinCollect Standal...

5.3CVSS4.3AI score0.00357EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/07 4:15 a.m.6 views

CVE-2024-11777

The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sellmediasearchformgutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS0.00325EPSS
Exploits0References3
CVE
CVE
added 2025/01/06 3:17 a.m.134 views

CVE-2024-20148

CVE-2024-20148 concerns MediaTek wlan STA FW where an improper input validation leads to an out-of-bounds write. The vulnerability could enable remote code execution on proximal devices with no privileges and no user interaction required. Patch IDs associated are WCNCR00389045 and ALPS09136494 (M...

9.8CVSS7.8AI score0.00254EPSS
Exploits0References1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/18 9:57 a.m.38 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-7254, CVE-2022-46363, CVE-2015-2156, CVE-2020-11612. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol...

8.7CVSS7.9AI score0.09438EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2024/12/18 6:18 a.m.25 views

CVE-2024-1610 OPPO Store app include remote account token hijacking and sensitive information leakage

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation...

8.7CVSS0.0067EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.12 views

RockyLinux 9 : podman (RLSA-2024:9051)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9051 advisory. Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction CVE-2024-9407 buildah: Buildah allows arbitra...

7.8CVSS6.7AI score0.01345EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/11/01 12:0 a.m.5 views

The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the network MySQL protocol...

6.8CVSS6.4AI score0.00817EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.5 views

PT-2024-31450 · Unknown · Uci Idol 2

Name of the Vulnerable Software and Affected Versions: UCI IDOL 2 versions through 2.12 Description: The issue is caused by improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer. This makes UCI IDOL 2 vulnerable to...

9.8CVSS7.8AI score0.01205EPSS
Exploits1References12
Rows per page
Query Builder