Lucene search
K

17 matches found

RedHat Linux
RedHat Linux
added 2026/05/05 8:41 a.m.10 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 7:0 p.m.9 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/07 8:50 p.m.6 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/10 6:23 p.m.3 views

CVE-2025-34430 1Panel CSRF Panel Name Modification

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS6.5AI score0.00172EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/10 6:23 p.m.27 views

CVE-2025-34430 1Panel CSRF Panel Name Modification

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1096

Malware in sbrugna...

5CVSS6AI score0.13518EPSS
Exploits1References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-15547

Malware in sbrugna...

5.4CVSS5.6AI score0.01287EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-35857

Malicious code in bioql PyPI...

9CVSS6.6AI score0.01049EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-48951

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00323EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:5 a.m.6 views

CVE-2024-51094

An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...

8CVSS6.9AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/12/28 2:24 a.m.13 views

CVE-2024-56671

In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irqchip.name from probe function to the initialization of "irqchip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification o...

5.5CVSS6.7AI score0.00185EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/06 8:24 a.m.25 views

CVE-2024-9705 Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update

The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsmupdatetemplatenamelite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

4.3CVSS0.00327EPSS
Exploits0References3
RubySec
RubySec
added 2024/02/20 12:0 a.m.15 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.5 views

Flowring Technology Agentflow BPM 授权问题漏洞

Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology. Flowring Technology Agentflow BPM suffers from an authorization vulnerability that arises from improper authentication of its enterprise management system, which could allow a remote attacker wi...

8.8CVSS8.2AI score0.00852EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/04/28 8:42 p.m.27 views

CVE-2020-22790

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs...

5.4AI score0.01287EPSS
Exploits1References3
CNVD
CNVD
added 2017/06/02 12:0 a.m.3 views

Website Star CMS has multiple vulnerabilities

Ltd. is a first-class Internet application service provider based on cloud computing. There is an arbitrary file name modification, arbitrary file reading vulnerability in the background of CMS. Attackers can use this vulnerability to arbitrarily delete or read website file information, and can n...

7AI score
Exploits0
Cvelist
Cvelist
added 2000/11/29 5:0 a.m.33 views

CVE-2000-1023

The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program...

6.4AI score0.08644EPSS
Exploits1References3
Rows per page
Query Builder