
180 matches found

RedhatCVE
added 2022/05/20 10:37 p.m., 21 views

CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...

CVSS: 9.4 | AI score: 1.7 | EPSS: 0.01331
Exploits: 0 | References: 1
CNNVD
added 2022/05/03 12:00 a.m., 2 views

Jfinal CMS SQL Injection Vulnerability

Jfinal CMS is a Java development information consulting website. Jfinal CMS version 5.1.0 is vulnerable to SQL injection, which originates from com.jflyfox.system.log.LogController.java missing validation of external input SQL statements. An attacker could use this vulnerability to execute illega...

CVSS: 7.2 | AI score: 7.4 | EPSS: 0.00915
Exploits: 1 | References: 2
CNNVD
added 2022/04/26 12:00 a.m., 4 views

CuppaCMS SQL Injection Vulnerability

CuppaCMS is a content management system (CMS). A SQL injection vulnerability exists in CuppaCMS v1.0, which originates from missing validation of external input in SQL statements via the menufilter parameter in /administrator/templates/default/html/windows/right.php. An attacker could use...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.06922
Exploits: 1 | References: 4
CNNVD
added 2022/04/21 12:00 a.m., 4 views

Sourcecodester Baby Care System SQL Injection Vulnerability

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin.php?id=siteoptions&social=display&value=0&sid=midsid parameter missing validation of external...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.01185
Exploits: 1 | References: 2
OSV
added 2022/03/10 5:44 p.m., 3 views

CVE-2021-42787

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01277
Exploits: 0 | References: 1
CNNVD
added 2022/03/10 12:00 a.m., 6 views

Luocms Cross-Site Scripting Vulnerability

Luocms is an article management system. A cross-site scripting vulnerability exists in Luocms v2.0, which stems from a lack of data validation filtering of user-supplied data and output in /admin/news/sortadd.php and /inc/function.php. An attacker could use this vulnerability to execute JavaScrip...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00665
Exploits: 1 | References: 2
CNNVD
added 2022/02/19 12:00 a.m., 3 views

WikiDocs Security Vulnerability

WikiDocs is a database-less Markdown flat file Wiki engine by the individual developer Manuel Zavatta in Italy. WikiDocs suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00845
Exploits: 0 | References: 4
Tenable Nessus
added 2022/02/09 12:00 a.m., 36 views

Rocky Linux 8 : nodejs:12 (RLSA-2021:3623)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3623 advisory. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.37286
Exploits: 5 | References: 18
NVD
added 2022/01/15 5:15 p.m., 17 views

CVE-2021-35969

Pexip Infinity before 26 allows temporary remote Denial of Service abort because of missing call-setup input validation...

CVSS: 7.5 | EPSS: 0.01245
Exploits: 0 | References: 1
Prion
added 2022/01/15 5:15 p.m., 16 views

Input validation

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation issue 2 of 2...

CVSS: 5 | AI score: 7.5 | EPSS: 0.01245
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/01/07 10:39 p.m., 67 views

CVE-2022-22271

CVE-2022-22271 concerns Samsung TIMA Trustlet where a missing input validation before memory copy allows copying data from arbitrary memory. Connected sources (e.g., PT-2022-15317) specify that TIMA Trustlet versions prior to SMR Jan-2022 Release 1 are affected; remediation is to update to SMR Ja...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.0011
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/12/14 12:00 a.m., 2 views

Piwigo Cross-Site Scripting Vulnerability

Piwigo is a set of Web-based open source image library software. Piwigo has a cross-site scripting vulnerability in version 11.5.0, which stems from a lack of user-supplied data and output data validation filtering. An attacker could exploit this vulnerability to conduct XSS attacks via the syste...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00786
Exploits: 1 | References: 1
CNNVD
added 2021/12/14 12:00 a.m., 2 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Parsian Bank Gateway for Woocommerce is an open source WordPress plugin. WordPress Parsian Bank...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00757
Exploits: 0 | References: 3
CNNVD
added 2021/12/13 12:00 a.m., 2 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Shiny Buttons is an open source WordPress plugin. The WordPress Shiny Buttons plugin in version 1.1.0...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.01167
Exploits: 2 | References: 2
Debian CVE
added 2021/11/23 12:00 a.m., 40 views

CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.02617
Exploits: 1
Tenable Nessus
added 2021/09/29 12:00 a.m., 46 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.37286
Exploits: 3 | References: 16
Tenable Nessus
added 2021/09/27 12:00 a.m., 44 views

CentOS 8 : nodejs:14 (CESA-2021:3666)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3666 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.37286
Exploits: 5 | References: 9
Tenable Nessus
added 2021/09/22 12:00 a.m., 44 views

CentOS 8 : nodejs:12 (CESA-2021:3623)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3623 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.37286
Exploits: 5 | References: 9
Tenable Nessus
added 2021/09/04 12:00 a.m., 43 views

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2953-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2953-1 advisory. - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22930: Fixed use after free on close http2 on stream...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.37286
Exploits: 3 | References: 13
Tenable Nessus
added 2021/09/04 12:00 a.m., 30 views

openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2953-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2953-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.37286
Exploits: 3 | References: 13