Lucene search
K

213 matches found

CNNVD
CNNVD
added 2024/09/18 12:0 a.m.4 views

DrayTek Vigor 3910 安全漏洞

DrayTek Vigor 3910 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version v4.3.2.6 that originates from a buffer overflow issue contained in the pubkey parameter of the v2x00.cgi page. An attacker can cause a deni...

7.5CVSS7.1AI score0.00523EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.4 views

PT-2024-32043 · Draytek · Draytek Vigor 3910

Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow issue was discovered in the pub key parameter at the "v2x00.cgi" endpoint. This issue allows attackers to cause a Denial of Service DoS via a crafted input. Recommendations: Fo...

7.5CVSS7.2AI score0.00523EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.11 views

PT-2024-22975 · Sportsnet · Sportsnet

Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query. The vulnerable API...

9.8CVSS7.7AI score0.00408EPSS
Exploits0References7
OSV
OSV
added 2024/08/26 5:15 p.m.5 views

CVE-2024-41444

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.2 views

WordPress plugin Post Meta Data Manager Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00344EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.8 views

The vulnerabilities of the functions EVP_PKEY_param_check() and EVP_PKEY_public_check() in the OpenSSL cryptographic library allow a attacker to cause a service failure.

The vulnerability of the EVPPKEYparamcheck and EVPPKEYpubliccheck functions in the OpenSSL cryptographic library is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

5.3CVSS6.7AI score0.01131EPSS
Exploits0References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.29 views

EulerOS Virtualization 3.0.6.0 : shim (EulerOS-SA-2024-1706)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to...

6.5CVSS6.6AI score0.73461EPSS
Exploits0References5
OSV
OSV
added 2024/05/16 4:15 p.m.5 views

AZL-78534 CVE-2024-4603 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.6AI score0.01131EPSS
Exploits0References1
NVD
NVD
added 2024/04/18 5:15 p.m.20 views

CVE-2024-32326

TOTOLINK EX200 V4.0.3c.7646B20201211 contains a Cross-site scripting XSS vulnerability through the key parameter in the setWiFiExtenderConfig function...

6.8CVSS5.8AI score0.00575EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/18 12:0 a.m.10 views

CVE-2024-32326

TOTOLINK EX200 V4.0.3c.7646B20201211 contains a Cross-site scripting XSS vulnerability through the key parameter in the setWiFiExtenderConfig function...

6AI score0.00575EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.4 views

WordPress Plugin WP ERP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS7.7AI score0.00542EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.4 views

PT-2024-15686 · WordPress · Wp Erp

Name of the Vulnerable Software and Affected Versions: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress versions up to, and including, 1.12.9 Description: The issue is related to Stored Cross-Site Scripting via the api key parameter...

7.2CVSS8.2AI score0.00542EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.4 views

ZhiCms SQL注入漏洞

ZhiCms is a professional worth-buying system of ZhiCms community. ZhiCms version 4.0 has a SQL injection vulnerability that stems from the parameter key of the file app/index/controller/mcontroller.php that causes SQL injection...

8.8CVSS7.1AI score0.00807EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/17 12:0 a.m.6 views

PandaX SQL Injection Vulnerability

PandaX is PandaX open source a Go language open source low-code development framework for enterprise IoT platforms. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter roleKey can lead to sql...

9.8CVSS8.3AI score0.0051EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.11 views

WordPress Plugin RSS Aggregator by Feedzy Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS7.8AI score0.00714EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.9 views

PT-2024-17937 · WordPress · The Rss Aggregator By Feedzy – Feed To Post

Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.2 Description: The issue is related to SQL Injection via the search key parameter due to...

8.8CVSS9.5AI score0.00714EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

Tenda AX1803 Security Vulnerability

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A security vulnerability exists in the Tenda AX1803 v.1.0.0.1, which stems from the presence of a buffer overflow vulnerability. An attacker can exploit the vulnerability to execute arbitrary code via the wpapskcrypto parameter of...

9.8CVSS8.3AI score0.13224EPSS
Exploits1References1
OSV
OSV
added 2023/11/15 6:15 a.m.5 views

CVE-2023-40923

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...

8.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2023/11/15 6:15 a.m.18 views

CVE-2023-40923

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...

8.8CVSS0.00667EPSS
Exploits0References1
Prion
Prion
added 2023/11/15 6:15 a.m.14 views

Sql injection

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...

6.5CVSS8.8AI score0.00667EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder