
227 matches found

ATTACKERKB
added 2023/08/14 1:15 p.m. · 1 view

CVE-2023-30186

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 9.8 · AI score 7.4 · EPSS 0.01166
Exploits: 1 · References: 7
OSV
added 2023/08/14 1:15 p.m. · 20 views

CVE-2023-30186

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 9.8 · AI score 7.7
Exploits: 0 · References: 6
NVD
added 2023/08/14 1:15 p.m. · 7 views

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

CVSS 7.5 · AI score 7.3 · EPSS 0.01056
Exploits: 1 · References: 6
Prion
added 2023/08/14 1:15 p.m. · 18 views

Design/Logic Flaw

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 7.5 · AI score 9.6 · EPSS 0.01166
Exploits: 1 · References: 6 · Affected Software: 1
Prion
added 2023/08/14 1:15 p.m. · 16 views

Improper access control

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVSS 7.5 · AI score 9.5 · EPSS 0.02334
Exploits: 1 · References: 6 · Affected Software: 1
Prion
added 2023/08/14 1:15 p.m. · 17 views

Privilege escalation

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

CVSS 5 · AI score 7.4 · EPSS 0.01056
Exploits: 1 · References: 6 · Affected Software: 1
Positive Technologies
added 2023/08/14 12:0 a.m. · 2 views

PT-2023-4392 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Document Server versions 4.0.3 through 7.3.2 Description: The issue is related to a Memory Exhaustion vulnerability in the JavaScript File Handler component of ONLYOFFICE Document Server. This vulnerability allows remote attackers ...

CVSS 7.5 · AI score 7.3 · EPSS 0.01056
Exploits: 1 · References: 13
Positive Technologies
added 2023/08/14 12:0 a.m. · 2 views

PT-2023-4393 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2 Description: An out of bounds memory access issue in the JavaScript File Handler component allows remote attackers to execute arbitrary code via a crafted JavaScript file. This can be...

CVSS 9.8 · AI score 9.4 · EPSS 0.02334
Exploits: 1 · References: 12
Positive Technologies
added 2023/08/14 12:0 a.m. · 5 views

PT-2023-4363 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2 Description: A use after free issue in ONLYOFFICE DocumentServer allows remote attackers to run arbitrary code via a crafted JavaScript file. This issue is related to the JavaScript File...

CVSS 9.8 · AI score 9.4 · EPSS 0.01166
Exploits: 1 · References: 16
Cvelist
added 2023/08/14 12:0 a.m. · 12 views

CVE-2023-30186

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

AI score 9.8 · EPSS 0.01166
Exploits: 1 · References: 6
Vulnrichment
added 2023/08/14 12:0 a.m. · 11 views

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

AI score 6.8 · EPSS 0.01056
Exploits: 1 · References: 6
CVE
added 2023/08/14 12:0 a.m. · 60 views

CVE-2023-30188

The CVE-2023-30188 entry concerns ONLYOFFICE Document Server versions 4.0.3–7.3.2. The vulnerability is a memory exhaustion issue in the JavaScript File Handler component triggered by a crafted JavaScript file, enabling remote attackers to cause a denial of service. No exploit details are provide...

CVSS 7.5 · AI score 7.3 · EPSS 0.01056
Exploits: 1 · References: 6 · Affected Software: 1
Prion
added 2023/07/15 7:15 p.m. · 10 views

Hardcoded credentials

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

CVSS 4.9 · AI score 4.8 · EPSS 0.00114
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2023/06/27 5:15 p.m. · 7 views

CVE-2023-34098

Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments themes/package-lock.json. With this information, the specific Shopware version in a deployment might be...

CVSS 5.3 · AI score 5.2 · EPSS 0.00274
Exploits: 0 · References: 4
Vulnrichment
added 2023/04/27 4:44 p.m. · 9 views

CVE-2023-30852 Pimcore Arbitrary File Read in Admin JS CSS files

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the /admin/misc/script-proxy API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the scriptPath and scripts parameters. The...

CVSS 4.4 · AI score 4.9 · EPSS 0.0001
Exploits: 0 · References: 3
NVD
added 2023/03/16 9:15 p.m. · 17 views

CVE-2022-43441

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability...

CVSS 9.8 · AI score 9.1 · EPSS 0.06854
Exploits: 1 · References: 3
UbuntuCve
added 2023/03/16 9:15 p.m. · 42 views

CVE-2022-43441

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability...

CVSS 9.8 · AI score 7.6 · EPSS 0.06854
Exploits: 1 · References: 2
Talos
added 2023/03/16 12:0 a.m. · 207 views

Ghost Foundation node-sqlite3 code execution vulnerability

Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...

CVSS 9.8 · AI score 9.2 · EPSS 0.06854
Exploits: 1
Prion
added 2023/03/12 5:15 a.m. · 11 views

Design/Logic Flaw

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...

CVSS 5.8 · AI score 5.9 · EPSS 0.00542
Exploits: 0 · References: 2 · Affected Software: 1
SUSE CVE
added 2023/02/15 6:20 a.m. · 1 view

SUSE CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

CVSS 6.4 · AI score 7 · EPSS 0.01568
Exploits: 0 · References: 8