11652 matches found

CNNVD
added 2024/10/25 12:00 a.m., 3 views

wtcms security vulnerability

wtcms is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in wtcms version 1.0; it stems from unsanitized application parameters in the plupload method of the file AssetController.class.php and can be exploited by an attacker to execute arbitrary...

CVSS 4.8, AI score 5.9, EPSS 0.00229
Exploits: 1, References: 1
Vulnrichment
added 2024/10/25 12:00 a.m., 9 views

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...

AI score 6.5, EPSS 0.00268
Exploits: 1, References: 1
CVE
added 2024/10/25 12:00 a.m., 94 views

CVE-2024-48234

The CVE-2024-48234 issue affects mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php, the postAddress parameter is not validated and is passed directly to curl_exec, enabling server-side request forgery (SSRF) that can read server files. Red Hat and NVD entries confirm the same ...

CVSS 4.9, AI score 6.8, EPSS 0.00461
Exploits: 0, References: 1
Vulnrichment
added 2024/10/25 12:00 a.m., 12 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...

AI score 8.3, EPSS 0.00278
Exploits: 1, References: 1
NVD
added 2024/10/23 11:15 a.m., 15 views

CVE-2023-50310

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVSS 7.5, EPSS 0.0039
Exploits: 0, References: 1
Huntr
added 2024/10/22 3:18 p.m., 4 views

SSRF via POST /api/proxy

This report is not public...

CVSS 7.5, AI score 7.1, EPSS 0.00703
Exploits: 1
NVD
added 2024/10/21 8:15 p.m., 16 views

CVE-2024-50042

In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF. Increasing the MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays. Reproducer: modprobe ice; echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe...

CVSS 7.1, EPSS 0.0021
Exploits: 0, References: 2
NVD
added 2024/10/21 1:15 p.m., 11 views

CVE-2024-49860

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show will access invalid memory...

CVSS 7.1, EPSS 0.00253
Exploits: 0, References: 11
OSV
added 2024/10/21 1:15 p.m., 15 views

AZL-50833 CVE-2024-49860 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show will access invalid memory...

CVSS 7.1, AI score 6.8, EPSS 0.00253
Exploits: 0, References: 1
OSV
added 2024/10/21 1:15 p.m., 3 views

DEBIAN-CVE-2024-49860

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show will access invalid memory...

CVSS 7.1, AI score 6.3, EPSS 0.00253
Exploits: 0, References: 1
OSV
added 2024/10/21 12:30 p.m., 6 views

GHSA-7PP4-388X-2XQJ SQL injection in funadmin

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php...

CVSS 8.6, AI score 7.3, EPSS 0.00486
Exploits: 1, References: 3
Debian CVE
added 2024/10/21 12:27 p.m., 14 views

CVE-2024-49860

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show will access invalid memory...

CVSS 7.1, AI score 6.3, EPSS 0.00253
Exploits: 0
OSV
added 2024/10/21 12:27 p.m., 16 views

CVE-2024-49860 ACPI: sysfs: validate return type of _STR method

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show will access invalid memory...

CVSS 7.1, AI score 6.5, EPSS 0.00253
Exploits: 0, References: 14
Vulnrichment
added 2024/10/21 12:27 p.m., 14 views

CVE-2024-49860 ACPI: sysfs: validate return type of _STR method

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show will access invalid memory...

AI score 7.2, EPSS 0.00253
Exploits: 0, References: 9
NVD
added 2024/10/21 12:15 p.m., 21 views

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

CVSS 7.2, EPSS 0.00486
Exploits: 1, References: 1
Vulnrichment
added 2024/10/21 12:00 a.m., 24 views

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

AI score 8, EPSS 0.00486
Exploits: 1, References: 1
CNNVD
added 2024/10/21 12:00 a.m., 4 views

FunAdmin SQL injection vulnerability

FunAdmin is an open-source, lightweight, visually polished backend development system built on ThinkPHP6 and Layui. A security vulnerability exists in FunAdmin version 5.0.2, which stems from a SQL injection vulnerability in the selectFields parameter of the index method of...

CVSS 7.2, AI score 8, EPSS 0.00486
Exploits: 1, References: 2
CVE
added 2024/10/21 12:00 a.m., 75 views

CVE-2024-48231

CVE-2024-48231 affects Funadmin 5.0.2. The vulnerability is an SQL Injection in backend/auth/Auth.php: the index() method mishandles the selectFields parameter, enabling manipulation of database queries. This is confirmed across multiple sources (Veracode, Snyk, GHSA, OSV, NVD) describing a S...

CVSS 7.2, AI score 7.6, EPSS 0.00486
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2024/10/21 12:00 a.m., 30 views

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

EPSS 0.00486
Exploits: 1, References: 1
Zero Day Initiative
added 2024/10/18 12:00 a.m., 5 views

Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the exportSvg method. Due to...

CVSS 6.5, AI score 6, EPSS 0.16677
Exploits: 1, References: 1