
11635 matches found

CVE
added 2025/01/14 12:0 a.m. · 56 views

CVE-2024-57761

Summary (CVE-2024-57761) The JeeWMS application contains an arbitrary file upload vulnerability in the parserXML() method that can lead to remote code execution. Affected versions are JeeWMS releases prior to 2025.01.01; exploitation involves uploading a crafted file to trigger arbitrary code execu...

8.1 CVSS · 7.8 AI score · 0.00473 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2025/01/14 12:0 a.m. · 9 views

Adobe Animate numeric error vulnerability

Adobe Animate is a set of Flash animation software from the American company Adobe. A security vulnerability exists in Adobe Animate that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8 CVSS · 7.1 AI score · 0.00274 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 6 views

PT-2025-3148 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

4.3 CVSS · 6.8 AI score · 0.00188 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/01/14 12:0 a.m. · 6 views

PT-2025-3149 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

7.5 CVSS · 7.5 AI score · 0.00352 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/01/11 12:0 a.m. · 4 views

PT-2025-2621 · Hcl · Hcl Myxalytics

Name of the Vulnerable Software and Affected Versions: HCL MyXalytics (affected versions not specified). Description: The issue allows cyber-criminals to exploit a session fixation vulnerability by sending crafted URLs with a session token to access the victim's login session. Recommendations: At th...

6.4 CVSS · 6.1 AI score · 0.00232 EPSS
Exploits 0 · References 6

OSV
added 2025/01/10 1:0 p.m. · 4 views

OESA-2025-1030 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

8.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 3

OSV
added 2025/01/09 8:15 p.m. · 7 views

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...

6.3 CVSS · 8 AI score · 0.00251 EPSS
Exploits 1 · References 2

NVD
added 2025/01/09 8:15 p.m. · 10 views

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...

6.3 CVSS · 0.00251 EPSS
Exploits 1 · References 2

RedHat Linux
added 2025/01/09 2:56 p.m. · 21 views

Moderate: Red Hat Security Advisory: tuned security update

An update for tuned is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

5.5 CVSS · 6.4 AI score · 0.00298 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/01/09 2:36 p.m. · 6 views

CVE-2023-24012 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2 CVSS · 7.1 AI score · 0.00271 EPSS
Exploits 1 · References 2

OSV
added 2025/01/09 1:15 a.m. · 9 views

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

4 CVSS · 6.7 AI score · 0.00332 EPSS
Exploits 2 · References 5

OSV
added 2025/01/09 1:15 a.m. · 1 views

DEBIAN-CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

6.3 CVSS · 5.6 AI score · 0.00632 EPSS
Exploits 0 · References 1

OSV
added 2025/01/09 1:15 a.m. · 1 views

UBUNTU-CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

6.3 CVSS · 6 AI score · 0.00632 EPSS
Exploits 0 · References 4

Cvelist
added 2025/01/09 12:33 a.m. · 25 views

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

0.00332 EPSS
Exploits 2 · References 4

Vulnrichment
added 2025/01/09 12:33 a.m. · 13 views

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

7.2 AI score · 0.00332 EPSS
Exploits 2 · References 4

CNNVD
added 2025/01/09 12:0 a.m. · 3 views

RuoYi security vulnerability

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi v.4.7.9 and earlier versions, which is caused by the filterKeyword method not completely filtering SQL injection keywords...

6.3 CVSS · 7.1 AI score · 0.00251 EPSS
Exploits 1 · References 2

CNNVD
added 2025/01/09 12:0 a.m. · 3 views

Drupal security vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Swift Mailer, which stems from the exposure of a dangerous method or function...

9.1 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits 0 · References 1

CVE
added 2025/01/09 12:0 a.m. · 53 views

CVE-2024-54762

CVE-2024-54762 affects Ruoyi v4.7.9 and earlier. The root cause is in the filterKeyword method, which does not fully filter SQL injection keywords, enabling an authenticated SQL injection risk. The CVSS 3.1 base score is 6.3 (MEDIUM) with network attack vector, low impacts to confidentiality/inte...

6.3 CVSS · 8.4 AI score · 0.00251 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2025/01/09 12:0 a.m. · 4 views

PT-2025-3068 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: Ruoyi versions 4.7.9 and earlier. Description: The issue is related to an authenticated SQL injection risk. This occurs because the filterKeyword method does not fully filter SQL injection keywords, leading to a potential SQL injection risk...

6.3 CVSS · 6.7 AI score · 0.00251 EPSS
Exploits 1 · References 7

Cvelist
added 2025/01/09 12:0 a.m. · 13 views

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...

0.00251 EPSS
Exploits 1 · References 2