Lucene search
+L

173 matches found

CNNVD
CNNVD
added 2024/06/27 12:0 a.m.6 views

LoLLMs Cross-Site Scripting Vulnerability

LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...

6.1CVSS6.2AI score0.00351EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/09 12:0 a.m.2 views

Mutt Code Issues Vulnerabilities

Mutt is a text-based mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt due to a null pointer dereference when composing a specially crafted draft message...

5.7CVSS6.7AI score0.00506EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.6 views

PT-2023-6025 · Jenkins · Jenkins Fortify Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: The issue is related to the failure to protect the web page structure, allowing a remote attacker to perform an HTML injection. This occurs because the error message for a form...

6.4CVSS6.5AI score0.00411EPSS
Exploits0References9
Prion
Prion
added 2023/06/30 8:15 p.m.20 views

Arbitrary file deletion

Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character...

3.2CVSS6.9AI score0.00401EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2023/05/05 12:0 a.m.7 views

IBM Maximo Asset Management Information Disclosure Vulnerability (CNVD-2023-37167)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

5.3CVSS5.9AI score0.00527EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/15 9:37 a.m.6 views

CVE-2023-25695 Information disclosure in Apache Airflow

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2...

6.8AI score0.01382EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.4 views

SUSE CVE-2004-0700

Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...

7.5CVSS7.6AI score0.05802EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-1104

Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

4.3CVSS5.9AI score0.0195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.3 views

CVE-2022-31741

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

6.6AI score0.00662EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/20 6:50 p.m.6 views

CVE-2022-23537 PJSIP vulnerable to heap buffer overflow when decoding STUN message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects...

6.5CVSS9.4AI score0.01026EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.5 views

SEMCMS SQL注入漏洞

SEMCMS is a multilingual content management system CMS for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntMessage.php...

9.8CVSS8.5AI score0.00748EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.6 views

多款 GitLab 产品资源管理错误漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. A security vulnerability exists in GitLab Community Edition CE and GitLab Enterprise...

4.3CVSS6.5AI score0.00876EPSS
Exploits0References5
OSV
OSV
added 2022/08/29 2:40 p.m.10 views

CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...

4.3CVSS6.1AI score0.00645EPSS
Exploits2References4
OSV
OSV
added 2022/06/04 8:25 p.m.8 views

MGASA-2022-0220 Updated firefox/nss/nspr packages fix security vulnerability

A malicious website could have learned the size of a cross-origin resource that supported Range requests CVE-2022-31736. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash CVE-2022-31737. When exiting fullscreen...

9.8CVSS9.1AI score0.01055EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.4 views

Cybozu Garoon 跨站脚本漏洞

A cross-site scripting vulnerability exists in Message in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

5.4CVSS5.7AI score0.00605EPSS
Exploits0References4
Amazon
Amazon
added 2021/05/20 5:0 p.m.129 views

Important: systemd

Issue Overview: It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the...

7.8CVSS0.7AI score0.02279EPSS
Exploits8
Veracode
Veracode
added 2021/02/10 9:19 a.m.17 views

Arbitrary Code Execution

tt-rss is vulnerable to arbitrary code execution. The vulnerability exists as plugins/afproxyhttp/init.php mishandles the $REQUEST"url" in an error message...

8.1CVSS3.7AI score0.01193EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/01/14 12:15 a.m.32 views

Heap overflow

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity all versions, OPC-Aggregator all versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are...

6.4CVSS9.1AI score0.04941EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2021/01/13 11:25 p.m.33 views

CVE-2020-27267

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity all versions, OPC-Aggregator all versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are...

9.3AI score0.04941EPSS
Exploits0References1
Prion
Prion
added 2020/12/21 8:15 p.m.16 views

Information disclosure

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...

7.5CVSS9.7AI score0.03608EPSS
Exploits1References3Affected Software2
Rows per page
Query Builder